General
-
Target
b28a8d5f353b5a82b36efa770c99497b32b9570ff9db64cd7d99c00699c413b8
-
Size
202KB
-
Sample
240526-cb476aag2s
-
MD5
169b9d2b0e1aa9b802aad505cd61a44b
-
SHA1
026d09de7e27ad7ad9caea77b95e303b1266aa8e
-
SHA256
b28a8d5f353b5a82b36efa770c99497b32b9570ff9db64cd7d99c00699c413b8
-
SHA512
d047ce411163b62fab1388228a196ddc0f746ae2ae911dce19f19c55e15612de5ee81827c41d3b74f2189ea3035980a635b3712c8707b4ac5e59e2bb0840208f
-
SSDEEP
3072:Sk2csTa8rJFf9HVUOM/8SKfbzxcwg7es6/Vsb8VKTup49oJMfF/H9N3Ky9NzLnS:SDTauf9aUhcX7elbKTuq9bfF/H9d9n
Behavioral task
behavioral1
Sample
b28a8d5f353b5a82b36efa770c99497b32b9570ff9db64cd7d99c00699c413b8.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b28a8d5f353b5a82b36efa770c99497b32b9570ff9db64cd7d99c00699c413b8.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
xworm
5.0
127.0.0.1:52124
147.185.221.19:52124
apN8vjmcKzKVTJXX
-
Install_directory
%Temp%
-
install_file
XClient.exe
Targets
-
-
Target
b28a8d5f353b5a82b36efa770c99497b32b9570ff9db64cd7d99c00699c413b8
-
Score
10/10
-
Detect Xworm Payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Adds Run key to start application
-