General

  • Target

    XClient.exe

  • Size

    35KB

  • MD5

    40a096be21131faf1c975650b8ba4bc4

  • SHA1

    c91252676f2a152ff5ad84218f93df5fb863d5fb

  • SHA256

    fb5db25e5bf29061816d79d3ee266be78ce2931c8c282da6edf5f2aba9ee4bf5

  • SHA512

    199defcc47ad850c91b1ced41d4e03b0a8d77e3ddf5ba61a6139712b52add849caec51d6f35d3cf54ef1ec73f4be294482ae31b4f7b1c061217eb3194accecee

  • SSDEEP

    768:o6x4gIgFXhi9zef/rT6T609yA/v55FyK9juF6pOjh8yK:o6x4gIEhbT08A/vjF39juF6pOj2D

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

area-translator.gl.at.ply.gg:7895

Mutex

nInTQ4y6Nk8jIESf

Attributes
  • Install_directory

    %AppData%

  • install_file

    astrorunners.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

