xworm | XClient111[.]exe | Triage

Sharing

General

Target

XClient111.exe
Size

75KB
MD5

1c7d67e357a4c6f86fde169b8fa74639
SHA1

4168ae0daa5e17cd0928c7542e49bde8490acdb9
SHA256

4094fea68e7a41431fe15eaf1ebbf4d88d20c10e01d4c32e4b466757e626964f
SHA512

a9b87f16bd144568182d2f2dc19855d57be54b73f3066cbfc299f6132b41cd2cd49fdd4d2921d2dedf17b05f5a244c9b41dc8ff500140cbe760e11daf9038205
SSDEEP

1536:9zpyggc1VrFL5n1yubpKAXcbK8ni9o26XvmOpqKnKE1J:9lEaFVn1zbzsbKh9oPvmOIiJ

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

5.166.171.54:5552

Attributes

Install_directory
%Temp%
install_file
CelestialUpdate.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient111.exe

Files

XClient111.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ