General

  • Target

    XClient.exe

  • Size

    32KB

  • MD5

    645209e72b336dfa99afd1610996d3d6

  • SHA1

    2db48fc1b5669595526347f50a29970e1b7d7b96

  • SHA256

    29720fa52bddb9b54e84f807660adb533c5a939620055159b6998ab17e2617a4

  • SHA512

    4a888cf63d5e543872f0d97065398304198873870897d0c9b350f722a989664ba1f1e82b12b6f181a2c3c443dd07e23657c61df35b42452664c497d1ccb1c5f1

  • SSDEEP

    768:TRPD9OQhx/BV3Tw4e1dVFE9jLjOjhIbq:Td9OW/V3U4epFE9jfOjiG

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

5.tcp.eu.ngrok.io:18375

Mutex

tZiqYUZCfdAQ8MEO

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

