General
-
Target
XCliewnt.exe
-
Size
36KB
-
Sample
240524-q4byzaga8y
-
MD5
b334c63e36cc6f55d6fb14f551680e3f
-
SHA1
633f0a3c3a35bdedc07b8cef298cfaa77fda35ea
-
SHA256
647b9e3f9d34915b466959d636c69edf1831e53c2c990bbdaee0c419e7ba2550
-
SHA512
2e9bca62cfc3d9c498047ab959fd36d02bb85e6c552a74c875c64a11b3f9344d94a7068e0b9e469da223356075d47dd2d6bf023abd4e333e884717cc51a21fa8
-
SSDEEP
768:TQyEH5b7YJnhMbHh9Q3B7rh/Fu9y6OfhO/O+:rEhMJh2HhOx7r5Fu9y6OfZ+
Behavioral task
behavioral1
Sample
XCliewnt.exe
Resource
win7-20240508-en
Malware Config
Extracted
xworm
3.1
147.185.221.19:61182
9c34Jbpr4kfQUsrS
-
Install_directory
%LocalAppData%
-
install_file
USB.exe
Targets
-
-
Target
XCliewnt.exe
Score
10/10
-
Detect Xworm Payload
-
Executes dropped EXE
-
Adds Run key to start application
-