General

  • Target

    XClient.exe

  • Size

    35KB

  • Sample

    241230-m77m9sxpdy

  • MD5

    b111cac4ac3407a1fc36a34bdaf9d071

  • SHA1

    3e2ab4b89d89043dc46b8e78deb60f98cbc2fb60

  • SHA256

    5e099e3e64f44cbe3e805a261a12762b70a1cedf9768f31ea58ed3eadf1d77f9

  • SHA512

    251c453e2e587bf9c4008099f3d920da75a3dc9ae4d502c59858cc59e1c96d9e04ff963090b81bec935f209b5719aad20050b5275263e7356bdbbeeb7576f7f0

  • SSDEEP

    768:ZKJ3AfZXAnIBsI2HT4XVbcjZ4zF298khOjh/n/pS:q3Af1AnIBsIXXKsF298khOjxRS

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

24.ip.gl.ply.gg:7000

Mutex

SB4eAri2Zx0UeiA5

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Targets

    • Target

      XClient.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks