xworm | XClient[.]exe | Triage

Resubmissions

05/10/2024, 01:57

241005-cdpkgstand 10

05/10/2024, 01:54

241005-cbtresshpb 10

Sharing

Copy URL Twitter E-mail

General

Target

XClient.exe
Size

58KB
MD5

aabd6e620be1d2d18a48236bc776828c
SHA1

c11cac0a1e8c8214cc54578bfa160e43b9b65ae7
SHA256

edf8fdf743e5b65123ed9094e5aada0945c98c113eb191156389ed6f6b50dd6e
SHA512

88dd1d106f138ca95189d9f3428e4e381b0b606709ef68e72e216617d418a769033de12b59fb20fcffd7429e58832b6ddcec7752e90676ebf6217d08e934c33b
SSDEEP

1536:YlQ73GJBHWW4XVmuq79bf4C54y6O/OYZWaOfaw:n73GbWWn9bfo+OYOaw

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

193.161.193.99:59410

Attributes

Install_directory
%AppData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ