General
Target: XClient.exe
Size: 57KB
MD5: 48224339ca9498fd00aac04870523b24
SHA1: f23d5a012f0cba062aa8ccbe679c6e3c35ff0360
SHA256: e5d3107bbe8fa2a61a54c9ec7a7e96da1f5224d348fa51fb04a5f352547cb3f5
SHA512: a86d191282075a350f6424085ce70169d3540b1eee8125b507cbc5782193ed0b479c2e9a008a76e52455299b859feb23afcd3adefd9d15653a6d2465794f101c
SSDEEP: 1536:R4bbqnPISXvvgjFI9AES6vOwLFU/bqQMuof6j:RSqPpvvgjFI9AErOw6qB6j
Malware Config
Extracted
xworm
5.0
late-unfortunately.gl.at.ply.gg:6969
192.168.1.60:6969
RxCivvaHeNQW7KBK
Install_directory: %AppData%
install_file: USB.exe
Signatures
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm
Xworm family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XClient.exe
Files
XClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ