General

  • Target

    XClient.exe

  • Size

    74KB

  • MD5

    570718b041b59c6ace532314286473a1

  • SHA1

    9760284eed2c0ebe08fc256246ed4e7f30df0830

  • SHA256

    ca24522a1627a9d41f0d2aa952ecf915e837e5d41393e377d0bd261a778213c8

  • SHA512

    caa3710135ec4a4f637b33fac93aec21f7a1c8e2aa051ee768aeb1560e92b0440ee17d57aeace941d6cf2204afc19d3ad06f61776658d3320c0f2af2091adb14

  • SSDEEP

    1536:iKZOYepOg+to1W+b9Zikfy+e25h6VzeRcPBDOZiqsTEKPg:i1UzoU+b3Be2hmBDOZGTng

Score
10/10

Malware Config

Extracted

Family

xworm

C2

it-postage.gl.at.ply.gg:31102

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    Windows defender.exe

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

