General
Target: XClient.exe
Size: 41KB
Sample: 240521-hz45yscd82
MD5: f1d96941d4f0693cb87cdc0fe5b81bcb
SHA1: 53163392c829b77923a513b5f6c818871fc516c6
SHA256: 622e5c02db42744643cbe45fceff04258455002a538986f9fa072b59b7032967
SHA512: 2d0538c003c0e85a02aab32ee8dd50e34e3b4747efbe2c7f8d9afd93a2f5f5bff65b0964d24838933f6e01beb8b3e2d2a165b3bf9b073fe3a4ee4c70aa9cdcf3
SSDEEP: 768:2Kr2/FPtKX7eRvIiWqyAuIzfjFSuDatF5PG9sROwhA3ECf:2he7EI3RAuwxSuDuFI9sROwKlf
Behavioral task
behavioral1
Sample: XClient.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
xworm
5.0
panel-slave.gl.at.ply.gg:27892
gxIttvEODzo6slk2
Install_directory: %AppData%
install_file: $77client.exe
Targets
Target: XClient.exe
Score: 10/10
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-