General
-
Target
XClient.exe
-
Size
32KB
-
MD5
9482306aafdec4632c652abc9aac9587
-
SHA1
8d4044f19456e26cd8e60c754e9645a143d9cef2
-
SHA256
e24cb62cc532d26a9b2052385217eae6ade20827b50ecda9b2fc6cb94a3d8e38
-
SHA512
7e8c4c9e9cd819cbc86ad0da7c0cd2e7ef66731e7a7d4659ae0f909b472fe14a9c7d56f7950c027c52ce98892c73b11d05ffaab97b5c6aef95f11f58d4066313
-
SSDEEP
768:TVa+vNtg+PB93Tw4e1dVFE9jddOjhZbI:zvNtgw93U4epFE9jnOj70
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
192.168.200.176:7000
Mutex
SMI8rDn1whbO2Gj6
Attributes
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient.exe
Password: 1234
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections