General
-
Target
XClient.exe
-
Size
35KB
-
Sample
241230-nag7savmar
-
MD5
b111cac4ac3407a1fc36a34bdaf9d071
-
SHA1
3e2ab4b89d89043dc46b8e78deb60f98cbc2fb60
-
SHA256
5e099e3e64f44cbe3e805a261a12762b70a1cedf9768f31ea58ed3eadf1d77f9
-
SHA512
251c453e2e587bf9c4008099f3d920da75a3dc9ae4d502c59858cc59e1c96d9e04ff963090b81bec935f209b5719aad20050b5275263e7356bdbbeeb7576f7f0
-
SSDEEP
768:ZKJ3AfZXAnIBsI2HT4XVbcjZ4zF298khOjh/n/pS:q3Af1AnIBsIXXKsF298khOjxRS
Behavioral task
behavioral1
Sample
XClient.exe
Resource
win7-20241010-en
Malware Config
Extracted
xworm
5.0
24.ip.gl.ply.gg:7000
SB4eAri2Zx0UeiA5
-
Install_directory
%AppData%
-
install_file
XClient.exe
Targets
-
-
Target
XClient.exe
-
Detect Xworm Payload
-
Xworm family
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-