General
-
Target
XClient.exe
-
Size
40KB
-
MD5
9b24b6da49573d1c33c0e1fda8b0a8a3
-
SHA1
7c6101feb3c3d0beef44d81242671dc3c6c3c5e0
-
SHA256
5fd91fa8e4270ebe8649dca1af0688479d9be13cb13038b8287c3d4ed0858c00
-
SHA512
e9d427b39d3fed73e143af0134b9c41f139ee2b6433374c41c2e9b69f0de24dd493175240c6bb2eac7a388f5135f011233de86bea1bba01d1d28d86d81a6ec22
-
SSDEEP
768:uUIDwCrxY4mpc9i32v6hCuuJf27iJ1fFWPG9/rJ6OOwhVjibJ:udDwCFY4gckGwCuuJfBFv9/rJ6OOwbO9
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
oh-guaranteed.gl.at.ply.gg:41663
Mutex
zsrzWUNtSUtIdsmT
Attributes
-
Install_directory
%Userprofile%
-
install_file
System32.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections