General
-
Target
XClient.exe
-
Size
43KB
-
MD5
b5cc96820c23ae9241f31f69ae0f4bd1
-
SHA1
2b34b1d40aaee3ad827f2f52c607078331bfa5d0
-
SHA256
282393aa38b758eb429d55acbfc2df1638741ee18eaa2fccf1ea638e396c1606
-
SHA512
3a08f0fa346c5a3823154d549c997aad2932c34c4d367729c89802a06029ae8dcdba9b053b93ebb279505f3aa96cdfa0d1addccd13065959be4fcec4553c15b0
-
SSDEEP
768:dOWZMZifma/E0s5qYhA4J1QD8PReLOY9bdJ5Zua6GhOOw2joI:dRv/ruAApiP9bf5V6GsOnjoI
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
23.ip.gl.ply.gg:51353
<Xwormmm>:1
Mutex
BsBmfJJT3ix8SkJS
Attributes
-
Install_directory
%LocalAppData%
-
install_file
svchost.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections