General
-
Target
XClient.rar
-
Size
47KB
-
Sample
240801-ze5peszgmc
-
MD5
3e927f3cf005e86563edd2f8b9a010a7
-
SHA1
d3298614438c234c90cf4d979ea166211dd32e6f
-
SHA256
baa8ace81d5e51f20fea99bf6b8de26c594a2011b670883304e085e5a9847eb2
-
SHA512
a12f9f63aeefd7b46a28bba0d9266ae57ea8e1a1a1dd24ed00125d3d31d6c8e93fc448c183d5bc7c49b617e577c611bfa38ee7527f2584bfe5d4273b3e056558
-
SSDEEP
768:KJqOIafzF7rapluoLB4bkKxOxUR+ezEuauHG+YUqYm074Idsvv7L/jBhl+6NDNz8:XLaR7WbuoLQk1evrmIzm0EICvvRBbz8
Behavioral task
behavioral1
Sample
XClient.exe
Resource
win10v2004-20240730-en
Behavioral task
behavioral2
Sample
XClient.exe
Resource
win7-20240704-en
Behavioral task
behavioral3
Sample
XClient.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
XClient.exe
Resource
win10v2004-20240730-en
Behavioral task
behavioral5
Sample
XClient.exe
Resource
win11-20240730-en
Behavioral task
behavioral6
Sample
XClient.exe
Resource
macos-20240711.1-en
Behavioral task
behavioral7
Sample
XClient.exe
Resource
macos-20240711.1-en
Malware Config
Extracted
xworm
full-self.gl.at.ply.gg:45212
-
Install_directory
%AppData%
-
install_file
XClient.exe
Targets
-
-
Target
XClient.exe
-
Size
80KB
-
MD5
bfa950b37b6a4f8de71af861e677a8b4
-
SHA1
2ee40bfbf2964d92c82256e5924169295dfdd225
-
SHA256
07f94f8f6061ba95899914496edc5854aa810de56797d9004875276d60e21ade
-
SHA512
235b514fac01b24edaef3aeb4209676789b6ba9264a8798cb7ae48c26d2455cdd8f254e92bbba688535acb69fd77b3c0a0a549cf97ece84c235cc74f72234e1a
-
SSDEEP
1536:EI5NuEGJkEtydWqZQSp1eS+b59gxzhfxdl/5m6qeo//3Oy/4IK4Dax5:Eg1GhtktQGAS+b59cJ4eA/OlINDab
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-