General
-
Target
XClient.exe
-
Size
36KB
-
MD5
2e7cff3805523322f7c79b9ca2bbb483
-
SHA1
d6c5e49bccf6d943fbf5d1fbc84c1f36094adcd0
-
SHA256
b1e89e1937b9b3f7358f4edf03b85d1736c0b27a38f9feabd18ed86d7232814e
-
SHA512
5dd289fd0b0e0533b173c8a6cc0abe7877d4002849e5587fd5932b9e9c525fb74f7b682eaf5f26d4ed109ae6d2e2d1efbbcf5a083a4a4f562b5a29f4c6d6500c
-
SSDEEP
768:gMr+VtK66pUb56RJR2PmOe6W4tJ5Fyw99X6KO/hsyUVkx:gy+P6pUb56RuPu6jTFr99X6KO/izkx
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
core-hook.gl.at.ply.gg:7242
Mutex
qhViM01lj6Yf904N
Attributes
-
Install_directory
%AppData%
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections