General
Target: e43ce5c79d5ce46f62d290f6df85e0f75691f332657b7d357631c2df6da91cb7.exe
Size: 726KB
Sample: 240523-cl33vaac37
MD5: 0e9969044f657b12f4cdad27254e5f91
SHA1: 41d8196fd7520fa391361a39e3d1c6e6f124f07e
SHA256: e43ce5c79d5ce46f62d290f6df85e0f75691f332657b7d357631c2df6da91cb7
SHA512: 2021bc8a0828084bcfbe0af6f997b3847cc0c63fa614db25a9116259b1bf9124eccdf5ad0a1fab37192b535199ad4e5c5570e448be43154baa49bd327db65284
SSDEEP: 12288:SMMbni72U8L4042zQ1WVeXFfJoPQ5Puvg8BQcCRjEgTeRJRCIYpu5ssoxU:VMbni723L73/gXFxoY8Y8eckEH
Static task: static1
Behavioral task: behavioral1
Sample: e43ce5c79d5ce46f62d290f6df85e0f75691f332657b7d357631c2df6da91cb7.exe
Resource: win7-20240220-en
Malware Config
Extracted
xworm
104.250.180.178:7061
Install_directory: %AppData%
install_file: XClient.exe
Targets
-
Detect Xworm Payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-