General
-
Target
XClient.exe
-
Size
178KB
-
Sample
241029-zdfnxa1kdr
-
MD5
3972be7fec71a32108f86718c3a95bfe
-
SHA1
fbd365ed35cd49d5ddd1a93f7c30d78f899ee535
-
SHA256
edebf3e4b31f9e0ea2504d4e86e66d36b9975b9df341f4a06497293917b25a5f
-
SHA512
aef87a432c873b506b04411064385edf8c7d5e4a28f8e86a6f32e6336187754e0839b4005639e39d30ffbcdc3d88ce37de97aa26f3ff94fce84de356a12683f0
-
SSDEEP
1536:spTmR/yqpnrg+BETDrI2fQWbN57/BIx6rs6zmDV+OZjWa7jpysa7iAMI:sVmR/NnN+rIyVbNzkymDwOZaujpYuAf
Behavioral task
behavioral1
Sample
XClient.exe
Resource
win7-20241010-en
Malware Config
Extracted
xworm
-
Install_directory
%LocalAppData%
-
install_file
USB.exe
-
pastebin_url
https://pastebin.com/raw/H3wFXmEi
Targets
-
-
Target
XClient.exe
-
Detect Xworm Payload
-
Xworm family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-