General
-
Target
XClient.exe
-
Size
332KB
-
MD5
cd2d8354955a91f613813dbd176efd0a
-
SHA1
916c473df5c267ada491d2a1d4b6bb6f78ed39f8
-
SHA256
b7d824d58412eb777e1a924dd1a13e1f3b209f13ecbb92eb56b349a49c292318
-
SHA512
f5284460d5af15634e543127b57eb2d0ee8704fc7d8ba77708cd52f2c77def77c6e8d27ea10efc64ebd138af5b159751d54c8487e06ae13dad26e1e0510bfa12
-
SSDEEP
1536:L9Ue/OFf8cUIiSaO/qgnAiUO0u4vDY+bkOLzCTZ+dEgUMKwaOg/BPpWsFGfFuAYU:pUe2JASa6/UlY+bkOiTZ+dEpOg/H+
Score
10/10
Malware Config
Extracted
Family
xworm
C2
rat234678235481254.ddns.net:4782
<Xwormmm>:1234
Attributes
-
Install_directory
%AppData%
-
install_file
Runtime Broker.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections