xworm | XClient[.]exe

General

Target

XClient.exe
Size

33KB
MD5

6e32544bae973a761b8a80d87487c892
SHA1

f555ce7e793fcc151229854ce111f334d2ad3adf
SHA256

86dcaaef24b87c50546ec8eab1f185a74a3c96276f1750287b5993f18f5501d7
SHA512

130febf6b780a637022fdc28ff81f1b2e79e9a363ad1a4fa2fff9918847ec794b3fbf78b333cd8ad43b881014e58044c9c2c6f6b9b94eb8f51fc33dd8205cdb4
SSDEEP

384:MXmJZbvG5B0aLFg/hLmMm3Tm2eaFOkOdRApkFTBLTsOZwpGd2v99Ikuis2VFxOjg:2ExvK7SN9m3Tw4dOdVFE9jBOjh2bJ

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

147.185.221.18:5551

127.0.0.1:5551

193.161.193.99:5551

tcp://xstrong4-33295.portmap.io:5551

10.9.117.106:5551

Mutex

eEosOWH8VsLxyK4i

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 30KB - Virtual size: 30KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B