General
-
Target
XClient.bat
-
Size
64KB
-
Sample
240522-p63n2acc3v
-
MD5
b9ba38c08e5f9113c31434ae324b3a67
-
SHA1
c5a03303b400dcac370989ba8e51e0b0a3c0622d
-
SHA256
b32ef974fa3195e1e88e290cb4b98f156e8ec3a5a053a8c781ecc2a8e47bf408
-
SHA512
a6960a62f1034441acce040366313c4e70563c4b57c8ca2fa30161e06f6489a86de7af52d3f5c5f69e806a8c0097ed7367e136070f40443cfe73945cb86d099c
-
SSDEEP
768:AO70rJOxpoeQhjCEqvimrMRLdJmmC5UXfs3NadfzteQCv/vFyVzgZpB+20JaaaTg:3CgSGNIfso7tqvFysTTdpePNKaAURYja
Static task
static1
Behavioral task
behavioral1
Sample
XClient.bat
Resource
win10-20240404-en
Malware Config
Extracted
xworm
5.0
83.143.112.35:7000
CyKBTjaY0aAqNzKT
-
Install_directory
%Temp%
-
install_file
Chrome.exe
-
telegram
https://api.telegram.org/bot6671364658:AAFSR01MD7rod9u5ExKsea5-2_kUtJR70Ks
Targets
-
-
Target
XClient.bat
-
Size
64KB
-
MD5
b9ba38c08e5f9113c31434ae324b3a67
-
SHA1
c5a03303b400dcac370989ba8e51e0b0a3c0622d
-
SHA256
b32ef974fa3195e1e88e290cb4b98f156e8ec3a5a053a8c781ecc2a8e47bf408
-
SHA512
a6960a62f1034441acce040366313c4e70563c4b57c8ca2fa30161e06f6489a86de7af52d3f5c5f69e806a8c0097ed7367e136070f40443cfe73945cb86d099c
-
SSDEEP
768:AO70rJOxpoeQhjCEqvimrMRLdJmmC5UXfs3NadfzteQCv/vFyVzgZpB+20JaaaTg:3CgSGNIfso7tqvFysTTdpePNKaAURYja
Score10/10-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1