General
- Target: XClient.exe
- Size: 68KB
- Sample: 240526-xxcp9ahf46
- MD5: d70e28bc5d537045d9f49ed09641cd6c
- SHA1: 027084899e1fa20a22eaf4d15a6815e3c1d6379d
- SHA256: a0466ffc10e366308a02c612d782bf46e90491b989591e64d6fa9f7364d036aa
- SHA512: 19e11314906e7e11365315e7137aa95ba2b24e0c68a0261e655c520dfd81c762ab58998bd2c7a981a7aba74faaa0a9af6865764e51d932fd95edf5d94bbe4771
- SSDEEP: 1536:e/JHKC4DZcHTR6yuc4RX7DaC+bIqiVo85jXP7GOaeen1+vaG0fkV:YL4DZcH2DRf1+bIqiVB9fKOonGaGxV
Behavioral tasks
- behavioral1: sample XClient.exe, resource win7-20240221-en
- behavioral2: sample XClient.exe, resource win10v2004-20240426-en
Malware Config
Extracted family: xworm
- IICAcro-58060.portmap.io:58060
- Install_directory: %Public%
- install_file: svchost.exe
Targets
- XClient.exe (68KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
Score: 10/10

Signatures
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- Drops startup file
- Loads dropped DLL
- Drops file in System32 directory
- Sets desktop wallpaper using registry