xworm | XClien2t[.]exe | Triage

Sharing

General

Target

XClien2t.exe
Size

39KB
MD5

cb66c0aecefa400bd702fdfce6768867
SHA1

86eff3a8079fac5ba6bee0c7305dcfb02bf11dff
SHA256

e984d24a32bfbd3da67c941e130e6cc73efb0dbd343f549b49626fd059a84c7e
SHA512

f9436c34ebfe6ea6db97eaef00d0e5c8b5196fe7e01f6c4cb3ea811c98a80b6e735de8e74bb5a2b0404f69001f1aeae160386a9bb402f4ba3da65bb7d5458831
SSDEEP

768:Inp2iB3sNvzK2Awjzef/YEW7KbiCqEoFN9UeGOphFjtYGK:RiB8V6f/WlCq9FN9UvOplBK

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

https://pastebin.com/raw/s98jTNJs:1

Mutex

skS6kMhEKAoBazrr

Attributes

Install_directory
%Userprofile%
install_file
msconfig.exe
pastebin_url
https://pastebin.com/raw/s98jTNJs

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClien2t.exe

Files

XClien2t.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ