General
-
Target
XClient.exe
-
Size
37KB
-
Sample
240622-lebvfssepf
-
MD5
f6eb9a7bdc41185de0e6a5b09ec1eda6
-
SHA1
a05e1964411a3006041f639f65e5a6a8015bc560
-
SHA256
2e78b6c3e87117b35c33248f5d0c7ece9d33b2b5090861438b5d70caf9dc1bc9
-
SHA512
b0cb80465d052fc00b634fe307870bdeced87444486f9ddb403185e3d8904667561338c610f98ae2cc85c532ed0c741e624802bf78cc7351eab47e9d056e5262
-
SSDEEP
768:e5gTXwbLsAheofRhOUOe9tLFyc9PKIO/hYDy0T:e5gTgUAhHLOSF39PKIO/H0T
Behavioral task
behavioral1
Sample
XClient.exe
Resource
win11-20240611-en
Malware Config
Extracted
xworm
5.0
modern-educators.gl.at.ply.gg:23695
p7UcGSBIQBinevq7
-
Install_directory
%Userprofile%
-
install_file
USB.exe
Targets
-
-
Target
XClient.exe
-
Size
37KB
-
MD5
f6eb9a7bdc41185de0e6a5b09ec1eda6
-
SHA1
a05e1964411a3006041f639f65e5a6a8015bc560
-
SHA256
2e78b6c3e87117b35c33248f5d0c7ece9d33b2b5090861438b5d70caf9dc1bc9
-
SHA512
b0cb80465d052fc00b634fe307870bdeced87444486f9ddb403185e3d8904667561338c610f98ae2cc85c532ed0c741e624802bf78cc7351eab47e9d056e5262
-
SSDEEP
768:e5gTXwbLsAheofRhOUOe9tLFyc9PKIO/hYDy0T:e5gTgUAhHLOSF39PKIO/H0T
Score10/10-
Detect Xworm Payload
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1