xworm | XClient[.]exe | Triage

Sharing

General

Target

XClient.exe
Size

41KB
MD5

5c62d9be667e8d03c0ef82fb4b74c965
SHA1

25836658f7421e5c7ad842e8a01bfaeeee1ced33
SHA256

fed171984a55cc4e3a005fe373e2c28f62d81324674bbeeaba1f95db97a2c8e9
SHA512

a25ddef859675a66a6452421bec9a8593dc77bfa06ac0c704fe1907ecdc903458c4f2383a29d3e3d56158a22248c3d34fe92d20ee346f42e6949cfc9d4120553
SSDEEP

768:w0mrJDweBDuOkScrbsN/x6WECAr43MxfJF5Pa9p+e6iOwha3/ibR:n0DwewicrbsN/YDRrNRF49Ie6iOw0a1

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

category-rose.gl.at.ply.gg:36607

Mutex

MRlIn8FGfPEd7YaA

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource yara_rule

sample family_xworm
Xworm family
xworm
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ