General
Target: XClient.exe
Size: 35KB
Sample: 241230-m9zqfavman
MD5: 12c0cbc2d0f63bd1cd8c98691f76155e
SHA1: 359d488e22eaa34af06a507619ce57ee0a566c7d
SHA256: 21c055d11db5522f2ce780528fad5b3eafa7edbac39d4336325c31d84955391e
SHA512: bc7eb55cba3c0f49e7ddc93d531b1b2436e375ce0756bb4b8c975ea3113d21ee0bcebe3051191a12b88975d472874a4279a377b378766fc554bfe35769ebeacd
SSDEEP: 768:wIEsfHwPsQ7457enbg/VbcjZ4zF298IjOjh7n/pB:w+fHwPz7457v/KsF298IjOj5RB
Malware Config
Extracted
xworm
5.0
activities-dollar.gl.at.ply.gg:7000
lHjDPdZZ5arxYrN3
Install_directory: %AppData%
install_file: XClient.exe
Targets
Target: XClient.exe
Detect Xworm Payload
Xworm family
Drops startup file
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.