General

  • Target: XClient.exe
  • Size: 32KB
  • Sample: 240525-zxhbvaah58
  • MD5: 645209e72b336dfa99afd1610996d3d6
  • SHA1: 2db48fc1b5669595526347f50a29970e1b7d7b96
  • SHA256: 29720fa52bddb9b54e84f807660adb533c5a939620055159b6998ab17e2617a4
  • SHA512: 4a888cf63d5e543872f0d97065398304198873870897d0c9b350f722a989664ba1f1e82b12b6f181a2c3c443dd07e23657c61df35b42452664c497d1ccb1c5f1
  • SSDEEP: 768:TRPD9OQhx/BV3Tw4e1dVFE9jLjOjhIbq:Td9OW/V3U4epFE9jfOjiG

Score: 10/10

Malware Config

Extracted

Family: xworm

Version: 5.0

C2: 5.tcp.eu.ngrok.io:18375

Mutex: tZiqYUZCfdAQ8MEO

Attributes
  • install_file: USB.exe
  • aes.plain

Targets

    • Target: XClient.exe
    • Size: 32KB
    • MD5: 645209e72b336dfa99afd1610996d3d6
    • SHA1: 2db48fc1b5669595526347f50a29970e1b7d7b96
    • SHA256: 29720fa52bddb9b54e84f807660adb533c5a939620055159b6998ab17e2617a4
    • SHA512: 4a888cf63d5e543872f0d97065398304198873870897d0c9b350f722a989664ba1f1e82b12b6f181a2c3c443dd07e23657c61df35b42452664c497d1ccb1c5f1
    • SSDEEP: 768:TRPD9OQhx/BV3Tw4e1dVFE9jLjOjhIbq:Td9OW/V3U4epFE9jfOjiG

    Score: 10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks