General
-
Target
XClient.exe
-
Size
83KB
-
MD5
85156d92b81b2d5f31705bf164c69123
-
SHA1
d2eea63be46a0d1664498b2a04bcbd1ae72d9d0e
-
SHA256
3542e84465e618e3892df9620924606c75c16d48d0175aeb25f878d49c0fc668
-
SHA512
ef4cc6592dfd7b03ef7d0c2bbd8e323c712d266983a7c6af0be0584ae0384eb32c10eb15bd471ec82403deecffd11ba14ecb3563b42a97694ad2c47b7c250c9d
-
SSDEEP
1536:WmCB99gULiG9FeOxFEC5+bl6aAv6JOjb5KYxSeUz64fUX80:lCmEiG9FDbx5+bl66OpX6hcX80
Score
10/10
Malware Config
Extracted
Family
xworm
C2
firsyt205919-48538.portmap.host:48538
firsyt205919-48538.portmap.host:48538:48538
Attributes
-
Install_directory
%ProgramData%
-
install_file
winrar.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections