General
-
Target
XClient.exe
-
Size
37KB
-
MD5
3192699219fce9572a223011c8063cf4
-
SHA1
666d5d239a5546e61033a71c96b8fed0173185f4
-
SHA256
2b624e9c6e2d7bb3bb2d96482f21ee05143124183ecf0b68407348ae485a1bf0
-
SHA512
9f304aa16c311df133985bf1e039e0a09f4d3b32ef6d3a1fd5a2f61aedc301d036293cd63f384b74c77f276fd6766804481eab053e454bf83f7d4baa1abce204
-
SSDEEP
768:hTafJRPSlKImYO2DXFyp9ORvo6YOjhsPyVGc:hTKJqM2TF09Mvo6YOjmJc
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
ensure-manual.gl.at.ply.gg:9321
Mutex
NY0XE2QCMDcXK1Wm
Attributes
-
Install_directory
%AppData%
-
install_file
dllhost.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections