Behavioral task
behavioral1
Sample
XClient21.exe
Resource
win10v2004-20241007-en
General
-
Target
XClient21.exe
-
Size
65KB
-
MD5
1f0562410589065ddf2069df97270eb0
-
SHA1
8c96e3b03034a206e5fe6146cbfc08c425215a04
-
SHA256
0bc6914fa7a3303d3a3a3682c17402b1fa5a55f95b9f05b8e01b5cd7b589435f
-
SHA512
98e3cc133e91a0fb8c7d169abfc53d461fdb654d656cda7ff259fa88f918288f80f0ea4b2e185b861f211ec6b7246a82d3dccb52ba623ebc7ba0565339c5c59d
-
SSDEEP
1536:hdS7RGHg/yHtTyn/xb1h+bkCtFZ62yInODbOxI9Pm:fSWgKqxb1h+bkGyInODbOxIlm
Malware Config
Extracted
xworm
teaching-ada.gl.at.ply.gg:30074
-
Install_directory
%Temp%
-
install_file
svhost.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XClient21.exe
Files
-
XClient21.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ