General

  • Target

    XClient.exe

  • Size

    35KB

  • Sample

    241230-m9zqfavman

  • MD5

    12c0cbc2d0f63bd1cd8c98691f76155e

  • SHA1

    359d488e22eaa34af06a507619ce57ee0a566c7d

  • SHA256

    21c055d11db5522f2ce780528fad5b3eafa7edbac39d4336325c31d84955391e

  • SHA512

    bc7eb55cba3c0f49e7ddc93d531b1b2436e375ce0756bb4b8c975ea3113d21ee0bcebe3051191a12b88975d472874a4279a377b378766fc554bfe35769ebeacd

  • SSDEEP

    768:wIEsfHwPsQ7457enbg/VbcjZ4zF298IjOjh7n/pB:w+fHwPz7457v/KsF298IjOj5RB

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

activities-dollar.gl.at.ply.gg:7000

Mutex

lHjDPdZZ5arxYrN3

Attributes

  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Targets

    • Target

      XClient.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
