General

  • Target

    XSClient.exe

  • Size

    168KB

  • MD5

    94f62052a87ac5bcb871cbf2f812e4a7

  • SHA1

    af09408b38ad00fedec52264841883d86feeaaa6

  • SHA256

    5cf066993ef3c1ab5f73f3b95763cee4140be4edba2563443087c54106a9faf4

  • SHA512

    5e35ed56bbd4bb1badbddc2d69c153b940b993b0b9810647c753eaab6a71757af61cb50f6455299fb9591e85a9f6056d1b48499e826311d0b2320726f24b364d

  • SSDEEP

    1536:urcZEaZP6PFT80ThNVWrbmHXGXD86sVOhrUJLepysa7iAMR:/iPFT8yVgbm3cSOhYJepYuAS

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes
  • Install_directory

    %AppData%

  • install_file

    XSClient.exe

  • pastebin_url

    https://pastebin.com/raw/2jTT3Lnj

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • XSClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

