xworm | XClient[.]exe | Triage

Sharing

General

Target

XClient.exe
Size

67KB
MD5

b5ea7d94e5e61976ad39908ce98d3717
SHA1

23ef2cd169718cf5eb00e4a6a972888e4caff74f
SHA256

8605ee7e95cfa1e4227c4d19acf8418cd18157515efda8f8ebbb7ce6eeaa7857
SHA512

51c37b8c79f40bef577ee75c37471e358cdd3f80fea5477b33fdd3325f0320223aabdbd20ea7b481fafdb13316e2b4d566e4497255612581404662c3b4c7eb62
SSDEEP

1536:clLmeR5RsNC/70/KlTLHYd+bk81FxJRgZ6fwQOCDPnOdNL:cpPvRQu0/KlfYd+bnaQOEPnOfL

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

currently-rochester.gl.at.ply.gg:30522

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ