xworm | XClient[.]exe | Triage

Resubmissions

12/10/2024, 01:56

241012-cc3qqawfnb 10

12/10/2024, 01:40

241012-b3qcmszflk 10

Sharing

Copy URL Twitter E-mail

General

Target

XClient.exe
Size

86KB
MD5

5525b938e5fa70865105628ebbfa7ac6
SHA1

1195b9e802c5ffffce0c1ff0738ea5d620e56b00
SHA256

51ec726085367d634879ec43e7aebbd58ec0380f33deee91ced8b12948a3d298
SHA512

a92bb12fc9a528bd5592db9f34e2386fc4712937847e748d15b572b21e54d581966d9971e09ee8e5938437612b9ee5452a3291c74d64dca82aeef56e9c7bea9f
SSDEEP

1536:8Md/UIPf68u2oj9VQyXSp6Hb2SLGDGmTwm+mFYF/d93wOhW1CP/hxdjdvz:8JIPU2SA6Hb2SCwD/d93wOnP/hxdJz

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

jan-bunch.gl.at.ply.gg:15313

Attributes

Install_directory
%Temp%
install_file
WindowsTempUpdate.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ