xworm | XClient[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XClient.exe
Size

85KB
MD5

a719f9cd8e5ce831cb9f729d10495765
SHA1

4efd6ee97bb726fa8d295a799db7da42dfeecfd1
SHA256

894ca2c276c181ae2f3deb2e228332b6d576d242b812972544d5d6cae428771b
SHA512

d23077cf014e5fb484f8d243182e684a067b04ddf86a25e19fee427671742ff4c2f578c2ca0453f69755c2f47168dd1b8b034c3637da15382259ec2271c6853a
SSDEEP

1536:bMsmpNWXMadKvexU3xg4B9DobHdFkV+6JkxLvomOYnErdYd:INj33xg4B2b9uUnOuZd

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:2312

prev-revenge.gl.at.ply.gg:2312

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ