General
-
Target
XClie2nt.exe
-
Size
321KB
-
MD5
37c1287dc27dbeaa0bff7ba6cb5e4a77
-
SHA1
ecd1109a9ef42d06510d63e733725177ef00034a
-
SHA256
f95ed314284ad238bdf3d9277c9fd167229958d4d8027b7f198389964c91a202
-
SHA512
3fc2bc30ed9910b3bbcfbb6ad62fa70f11df7e15d2c1f7e7bf8ec328f04cd7434bd45197b4792496619ecde45495607d6b11b958011664cc0246d399fd3772d5
-
SSDEEP
1536:PVdEFYXtycU1aELbRR+bAxClpygbK+EaOhQoKVoPCQsFGfFuAYCRAutPsAzAUCBa:PVdEq9WjT+b2kzbwaOCBK
Score
10/10
Malware Config
Extracted
Family
xworm
C2
rat234678235481254.ddns.net:4782
<Xwormmm>:1234
Attributes
-
Install_directory
%AppData%
-
install_file
Runtime Broker.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClie2nt.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections