General

  • Target

    XClient.exe

  • Size

    71KB

  • MD5

    01044360b0c252a86a9d68382fb20969

  • SHA1

    2f19bbd0574edb6336bac4eadaf380c65adae066

  • SHA256

    403bc4e1a1e146575f28bd608277dbcc1da05da3a1ac0e6d0535ef41fa34445b

  • SHA512

    0681ffa88967c6a6fff3f6554c5f5d1ebf25d8692d87ae493fc56be44dab56b30676529fffea62c408848d483b1e13fe8b9b13c796a8be06f6495f7b99d05b7d

  • SSDEEP

    1536:vKlNuy6U4yZ3RPeIhEis2Om9b+PY/f6aLxwOLwpWj7Fgj:veNu8BZhP8t2lb+w/1LxwOU4j76j

Score
10/10

Malware Config

Extracted

Family

xworm

C2

21.ip.gl.ply.gg:31058

Attributes
  • Install_directory

    %AppData%

  • install_file

    svcshost.exe

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

