Behavioral task
behavioral1
Sample
XClient.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
XClient.exe
Resource
win10v2004-20240709-en
General
-
Target
XClient.exe
-
Size
69KB
-
MD5
48fa37bfdbbae02582c9c42739dc44f5
-
SHA1
4e017bfab1c984ae34e00c4ce44f57be2341baf2
-
SHA256
17ad59dfa6de2b427c01c1b03eb02493952a733006055acdeb67703efd27d4ff
-
SHA512
ca25dcacffd03dcda468dee961b2f8259cb7e4d79231cbb011fea556a22851275947d6244eb6288dfde6291fd65a3d7a5acc01a8ab0b1fcb659a094e4399f62f
-
SSDEEP
1536:1O/LikbMcOrgKVs+8c+b+zl76uSr6nLyHuOwTiU9JJK:GLTOreC+b+Gk3OhU9Jo
Malware Config
Extracted
xworm
loss-winners.gl.at.ply.gg:1567
-
Install_directory
%AppData%
-
install_file
Expensive 3.1.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XClient.exe
Files
-
XClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ