Behavioral task
behavioral1
Sample
XSClient.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
XSClient.exe
Resource
win10v2004-20240508-en
General
Target: XSClient.exe
Size: 168KB
MD5: 94f62052a87ac5bcb871cbf2f812e4a7
SHA1: af09408b38ad00fedec52264841883d86feeaaa6
SHA256: 5cf066993ef3c1ab5f73f3b95763cee4140be4edba2563443087c54106a9faf4
SHA512: 5e35ed56bbd4bb1badbddc2d69c153b940b993b0b9810647c753eaab6a71757af61cb50f6455299fb9591e85a9f6056d1b48499e826311d0b2320726f24b364d
SSDEEP: 1536:urcZEaZP6PFT80ThNVWrbmHXGXD86sVOhrUJLepysa7iAMR:/iPFT8yVgbm3cSOhYJepYuAS
Malware Config
Extracted
xworm
Install_directory: %AppData%
install_file: XSClient.exe
pastebin_url: https://pastebin.com/raw/2jTT3Lnj
Signatures

Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm

Xworm family

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XSClient.exe
Files
XSClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ