General

  • Target

    XClient.exe

  • Size

    55KB

  • Sample

    240825-k73cfayarl

  • MD5

    10cd865afb039c396fe4d51d45b06e90

  • SHA1

    91de8eb5075f2a7ee1fa3cd39ee8d9e26dbe8546

  • SHA256

    5a9678c133518ce71e1b43752d57d604d707c0ac2429839a9dad345ecd7aed16

  • SHA512

    472db1787fc76c49f9285fe3a4a4b3859695ea413ac741229e92b0632bbf7ed9a75e540921a0e29308db2d22dcc53f135b85989eef75670452f69921e5fe84ea

  • SSDEEP

    1536:NUeOUiiHirUJIVH9N+kLeKkbO+Loy9NaOKJOL:N1iwi+ZKkbO+BNaOKe

Malware Config

Extracted

  • Family

    xworm

  • C2

    22.ip.gl.ply.gg:7543

  • Attributes

    • Install_directory

      %AppData%

    • install_file

      Soft.exe

Targets

    • Target

      XClient.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Adds Run key to start application
