General
-
Target
XCli222ent.exe
-
Size
314KB
-
Sample
241030-1yxctssbpe
-
MD5
c86ec7b95c6bf88c94259b791b766f77
-
SHA1
fe8ae19dbec24245530ab97c54808e940124e813
-
SHA256
31dc2e0e3f92960527f4a953773df389161d9d2aab54cdb85477fb4577b5ad0b
-
SHA512
403f56e9ef92e361cd5fe27f1e5332e2cad7c5706399ac03b2bad657f0e4fe48189109859bc7154227fe75715487037dbe9e375a50556efb72beb0ea4ebd5dcf
-
SSDEEP
3072:Y4JiymkbRdOOZf2l4mJe7UmuLchHPHo4bqRH33qGCNxxO5:Y4JlbIl4miUdLchvo4OlnqR
Behavioral task
behavioral1
Sample
XCli222ent.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
XCli222ent.exe
Resource
win10ltsc2021-20241023-en
Malware Config
Extracted
xworm
23.ip.gl.ply.gg:8080
127.0.0.1:8080
-
Install_directory
%AppData%
-
install_file
svchost.exe
Targets
-
-
Target
XCli222ent.exe
-
Size
314KB
-
MD5
c86ec7b95c6bf88c94259b791b766f77
-
SHA1
fe8ae19dbec24245530ab97c54808e940124e813
-
SHA256
31dc2e0e3f92960527f4a953773df389161d9d2aab54cdb85477fb4577b5ad0b
-
SHA512
403f56e9ef92e361cd5fe27f1e5332e2cad7c5706399ac03b2bad657f0e4fe48189109859bc7154227fe75715487037dbe9e375a50556efb72beb0ea4ebd5dcf
-
SSDEEP
3072:Y4JiymkbRdOOZf2l4mJe7UmuLchHPHo4bqRH33qGCNxxO5:Y4JlbIl4miUdLchvo4OlnqR
Score10/10-
Detect Xworm Payload
-
Xworm family
-
Drops startup file
-
Adds Run key to start application
-