Overview

overview

10

Static

static

10

XwsadwasClient.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XwsadwasClient.exe

  • Size

    41KB

  • MD5

    e575f0b2f9ae9fad0708194974763a75

  • SHA1

    2667a29bfbabbf294cf174a974a5697c2169eb97

  • SHA256

    4922578003441503e4c9aa0be3473df1bc15edd756d55413313597da47192226

  • SHA512

    296cf49462fc03391cc0c223e766f3945cc2496a1c342ae8dff4437a527a2169a91dbd0c746bcbe4308f6c742e940135ff9c7b10b90f9d99072ab1d2b7b512d9

  • SSDEEP

    768:3tAMOC0RGU2L7CAr43MxfJF5Pa9p+Ng6iOwhr3/ib7:3/l0RGNvRrNRF49I66iOwdaH

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

147.185.221.19:33365

147.185.221.19:2137:33365
Mutex

tccRidU0e2eHax6f

Attributes
  • Install_directory

    %AppData%

  • install_file

    Wiindows Update.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • XwsadwasClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections