General

  • Target

    XClient.exe

  • Size

    178KB

  • Sample

    241029-zdfnxa1kdr

  • MD5

    3972be7fec71a32108f86718c3a95bfe

  • SHA1

    fbd365ed35cd49d5ddd1a93f7c30d78f899ee535

  • SHA256

    edebf3e4b31f9e0ea2504d4e86e66d36b9975b9df341f4a06497293917b25a5f

  • SHA512

    aef87a432c873b506b04411064385edf8c7d5e4a28f8e86a6f32e6336187754e0839b4005639e39d30ffbcdc3d88ce37de97aa26f3ff94fce84de356a12683f0

  • SSDEEP

    1536:spTmR/yqpnrg+BETDrI2fQWbN57/BIx6rs6zmDV+OZjWa7jpysa7iAMI:sVmR/NnN+rIyVbNzkymDwOZaujpYuAf

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/H3wFXmEi

Targets

    • Target

      XClient.exe

    • Size

      178KB

    • MD5

      3972be7fec71a32108f86718c3a95bfe

    • SHA1

      fbd365ed35cd49d5ddd1a93f7c30d78f899ee535

    • SHA256

      edebf3e4b31f9e0ea2504d4e86e66d36b9975b9df341f4a06497293917b25a5f

    • SHA512

      aef87a432c873b506b04411064385edf8c7d5e4a28f8e86a6f32e6336187754e0839b4005639e39d30ffbcdc3d88ce37de97aa26f3ff94fce84de356a12683f0

    • SSDEEP

      1536:spTmR/yqpnrg+BETDrI2fQWbN57/BIx6rs6zmDV+OZjWa7jpysa7iAMI:sVmR/NnN+rIyVbNzkymDwOZaujpYuAf

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
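The extracted configuration (install directory, install file name, Pastebin URL), the sample hashes and the "looks up external IP address" signature are the indicators a responder would actually hunt with. The following is an added example, not part of the sandbox report and not code from any tool it references: a small Python matcher that applies those indicators to constructed file-creation and HTTP events. It assumes the event layout shown, that the Pastebin raw URL acts as the malware's dead drop for its C2 address (the report lists the URL but does not say what is fetched from it), and the set of IP-lookup hostnames, which the report does not name.

```python
"""Hunt for the XWorm indicators listed in the sandbox report above.

Added example for this page; the event format and the IP-lookup host list
are assumptions, not data from the report.
"""
import hashlib
import ntpath
from urllib.parse import urlsplit

# Indicators copied from the report.
SHA256 = "edebf3e4b31f9e0ea2504d4e86e66d36b9975b9df341f4a06497293917b25a5f"
INSTALL_FILE = "USB.exe"              # install_file
# Install_directory is %LocalAppData%; the caller passes the expanded path
# so the matcher also works on a non-Windows analysis host.
PASTEBIN_URL = "https://pastebin.com/raw/H3wFXmEi"  # pastebin_url

# Assumption: services commonly used for the "looks up external IP" behaviour.
# The report does not say which one this sample contacted.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com"}


def install_path_matches(path: str, local_appdata: str) -> bool:
    """True if path is exactly <local_appdata>\\USB.exe, case-insensitively."""
    head, tail = ntpath.split(ntpath.normpath(path))
    return (tail.lower() == INSTALL_FILE.lower()
            and ntpath.normcase(head)
            == ntpath.normcase(ntpath.normpath(local_appdata)))


def sha256_matches(data: bytes) -> bool:
    """True if the file bytes hash to the report's SHA256."""
    return hashlib.sha256(data).hexdigest() == SHA256


def classify_url(url: str):
    """Label a URL: exact config URL, any Pastebin raw paste, IP lookup, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/")
    target = urlsplit(PASTEBIN_URL)
    if host == target.hostname and path == target.path.rstrip("/"):
        return "xworm_dead_drop"       # assumption: C2 address is fetched here
    if host == "pastebin.com" and path.startswith("/raw/"):
        return "pastebin_raw"          # weaker signal: other raw pastes
    if host in IP_LOOKUP_HOSTS:
        return "ip_lookup"
    return None


def scan_events(events, local_appdata: str):
    """Return (label, value) alerts for events that match the report's IOCs."""
    alerts = []
    for ev in events:
        if ev["type"] == "file_create":
            if install_path_matches(ev["path"], local_appdata):
                alerts.append(("xworm_install_path", ev["path"]))
            if ev.get("sha256", "").lower() == SHA256:
                alerts.append(("xworm_sample_hash", ev["path"]))
        elif ev["type"] == "http":
            label = classify_url(ev["url"])
            if label:
                alerts.append((label, ev["url"]))
    return alerts


# Constructed events for the example; not telemetry from the report.
LOCAL_APPDATA = r"C:\Users\alice\AppData\Local"
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Local\USB.exe",
     "sha256": SHA256},
    # Same file name but in a subdirectory: not the configured install path.
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Local\Temp\USB.exe"},
    {"type": "file_create", "path": r"C:\Program Files\Vendor\update.exe"},
    {"type": "http", "url": "https://pastebin.com/raw/H3wFXmEi"},
    {"type": "http", "url": "https://api.ipify.org/"},
    {"type": "http", "url": "https://www.microsoft.com/"},
]

if __name__ == "__main__":
    for label, value in scan_events(SAMPLE_EVENTS, LOCAL_APPDATA):
        print(f"{label}: {value}")
```

The install-path check deliberately requires the file to sit directly in %LocalAppData%, matching the extracted Install_directory, so a same-named file under Temp does not fire; the Pastebin match splits into the exact config URL and a weaker "any raw paste" label so a hunt can rank hits.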
