Behavioral task
behavioral1
Sample
XClient.exe
Resource
win7-20240903-en
General
-
Target
XClient.exe
-
Size
80KB
-
MD5
2549b9c24b00e10d1d1b19ed18abea56
-
SHA1
71135d2dccd4f4cdcefdd0cf2b59fe7d7fa51897
-
SHA256
89751d8b2b5ff207f8a7da0605086c675471f47830c29357d42006eb2598262a
-
SHA512
52c672a7bb9c2b426ad6d4ee201c18fe751836f3b0fd4dea8c76e86c16fb47afe0f1a6443af323ccef6a549eb88af73250c59af9e4000784afb2ca7ca3509afa
-
SSDEEP
1536:6C1htydn6LwUGd8H0qlKhxGeB9VxgCR939beP8e5Lkkma6R1DTgbi55oOLuXnvKL:6CxicwUU3jvGeBTR19bePvgkmfgYoOCe
Malware Config
Extracted
xworm
america-depending.gl.at.ply.gg:22525
-
Install_directory
%AppData%
-
install_file
fix solve.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XClient.exe
Files
-
XClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ