General

  • Target

    XClient.exe

  • Size

    217KB

  • MD5

    aafb349d724a1b6ee29e233ce3de9fe2

  • SHA1

    6273688fc2a2f1216c4eab81232d03c65cd4745f

  • SHA256

    3004ad4cc1142ca3483bba1a3e5c2244802c0d2df43ba3c066056e2ba8ef1046

  • SHA512

    533af2f1093638fb181e43c9b12ff3e0fa4f599c824b1ec31181f86306cf7d626820a5cf7e70908cb21d77d91d7e6b7b09c696e056092fe3de0eb273f1d81618

  • SSDEEP

    1536:ZZrLnQSYxHCNJ9SEX+b8oeEVy6D5O3A8wunl+g5zU730/jyY:ZFQxHCNPD+b8+7O3AJC+L3HY

Score
10/10

Malware Config

Extracted

Family

xworm

C2

20.ip.gl.ply.gg:25725

<Xwormmm>:123

Attributes
  • Install_directory

    %Temp%

  • install_file

    chiacago.exe

  • telegram

    https://api.telegram.org/bot7378508941:AAFi7xPXoDjOY7Whre_FGKytWzP0LZ_WBF8/sendMessage?chat_id=6877286426
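The extracted config above is only useful once it is turned into something that can be matched against telemetry. The following Python is an added example (not part of the sandbox report or of XWorm itself) that parses the C2, install and Telegram attributes exactly as listed above, separates the one real network endpoint from the non-hostname entry `<Xwormmm>:123`, and runs the resulting indicators over a few constructed proxy/EDR log lines. The log lines and the `%Temp%` resolution to `\Temp\` are assumptions for illustration.

```python
"""Turn the extracted XWorm config into matchable IOCs and scan log lines.
Added example; not code from the sandbox report or from the malware."""
import re
from urllib.parse import urlparse, parse_qs

# Values copied from the "Malware Config" section of this report.
XWORM_CONFIG = {
    "c2": ["20.ip.gl.ply.gg:25725", "<Xwormmm>:123"],
    "install_directory": "%Temp%",
    "install_file": "chiacago.exe",
    "telegram": "https://api.telegram.org/bot7378508941:AAFi7xPXoDjOY7Whre_FGKytWzP0LZ_WBF8"
                "/sendMessage?chat_id=6877286426",
}

# Hostname or IP literal: alphanumerics, dots and dashes only.
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")


def parse_c2(entries):
    """Return (endpoints, other): (host, port) tuples for entries whose host
    part is a hostname/IP, and the raw strings for everything else (e.g.
    '<Xwormmm>:123'), so nothing from the config is silently dropped."""
    endpoints, other = [], []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if sep and port.isdigit() and HOST_RE.match(host):
            endpoints.append((host.lower(), int(port)))
        else:
            other.append(entry)
    return endpoints, other


def parse_telegram(url):
    """Split a Telegram Bot API URL into bot id, token and target chat id."""
    u = urlparse(url)
    m = re.match(r"^/bot(\d+):([A-Za-z0-9_-]+)/", u.path)
    if u.hostname != "api.telegram.org" or not m:
        return None
    chat = parse_qs(u.query).get("chat_id", [None])[0]
    return {"bot_id": m.group(1), "token": m.group(2), "chat_id": chat}


def build_iocs(cfg):
    endpoints, _ = parse_c2(cfg["c2"])
    # %Temp% expands per user; match the file name under any ...\Temp\ directory.
    path_re = re.compile(r"\\Temp\\" + re.escape(cfg["install_file"]), re.IGNORECASE)
    return {"endpoints": endpoints,
            "telegram": parse_telegram(cfg["telegram"]),
            "install_path_re": path_re}


def scan_logs(lines, iocs):
    """Flag lines matching any IOC. Returns (line_no, reason) pairs."""
    hits = []
    bot_prefix = None
    if iocs["telegram"]:
        # Match on the bot id only: proxies often truncate or mask the token.
        bot_prefix = "api.telegram.org/bot" + iocs["telegram"]["bot_id"] + ":"
    for n, line in enumerate(lines, 1):
        for host, port in iocs["endpoints"]:
            if f"{host}:{port}" in line.lower():
                hits.append((n, f"xworm c2 {host}:{port}"))
        if bot_prefix and bot_prefix in line:
            hits.append((n, "xworm telegram notification bot " + iocs["telegram"]["bot_id"]))
        if iocs["install_path_re"].search(line):
            hits.append((n, "xworm install path " + iocs["install_path_re"].pattern))
    return hits


# Constructed proxy / endpoint telemetry lines, not taken from the sandbox run.
SAMPLE_LOGS = [
    "2024-08-01T10:00:01Z CONNECT 20.ip.gl.ply.gg:25725 src=10.0.0.12 proc=chiacago.exe",
    "2024-08-01T10:00:02Z GET https://api.telegram.org/bot7378508941:AAFi.../sendMessage?chat_id=6877286426",
    "2024-08-01T10:00:03Z GET https://example.com/ src=10.0.0.12",
    r"2024-08-01T10:00:04Z ProcessCreate image=C:\Users\alice\AppData\Local\Temp\chiacago.exe",
]

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS, build_iocs(XWORM_CONFIG)):
        print(hit)
```

Matching the C2 on `host:port` rather than on the hostname alone matters here because `20.ip.gl.ply.gg` is a playit.gg tunnel host shared by many unrelated users; the port is the discriminating part. The Telegram match is keyed on the numeric bot id so it still fires when the secret half of the token has been masked in the log.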

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
