xworm | XClient[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XClient.exe
Size

256KB
MD5

ad45eb0d9ef0335e5c3d97d94d4d6f39
SHA1

44281cac94bb2c9bd96852c3942b7c00eb180f47
SHA256

e4d37fa0a263fa21248ff9c183d8205456a5a155d1d9bef28987e112c0317574
SHA512

a981e6638643491fa0f065eb4cc930511a629443ffa16e40d0e44a0d5327ee74078a63cd7c741dd73dca537fa290f2e936e73acd7b7c4d60be7e7543528609af
SSDEEP

3072:c5OaR+RpozWbbYASJJNOeRlzRVnVHTphK:c5bwozWbbRSbHRVnVV

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

thought-intend.gl.at.ply.gg:15854

Attributes

Install_directory
%AppData%
install_file
discord.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ