General
-
Target
XClient2.0.exe
-
Size
49KB
-
MD5
4bc1fc7bd293ae29414b243f54be1d85
-
SHA1
cbfa9badc68f2bf134c7a7d2723254f947bfb479
-
SHA256
44b50f871a9713543b6ebd4c765fed3a55c8f2c2981787f0f986fad7310d72bc
-
SHA512
82c19be242ae014c0a42ed8f9962d4266bd7950edf42acb779c86a78678f1fe9b31a9f311f1271f849ff28afdb3eca7f01988c57c82f6cabdaf02c00b8f2ac3c
-
SSDEEP
768:2VzU9lChhfBJWGC0mEj8eOEWtZCOhzn7kbFcNiDCizyOMO3h3Ep:HSJLAe7Wt97kbFcNi+izgO3+
Score
10/10
Malware Config
Extracted
Family
xworm
C2
remote-newest.gl.at.ply.gg:62113
fund-scared.gl.at.ply.gg:62113
Attributes
-
Install_directory
%Userprofile%
-
install_file
win64updater.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient2.0.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections