General
Target: XClient.exe
Size: 329KB
Sample: 240630-ll38aawblg
MD5: 51d7beb4236e50e6238389f7ede77227
SHA1: 2cd6ef65f2af0d15764a94717af83d36512f3b2a
SHA256: 5e83ca98a0a7200952afb3609975d0764d183090da422774f969e1b109b9b904
SHA512: 2f060324a26dbabb37b9132defe703c65b00e4fc780844e58e1eff146971d09cfe8455479edd8e27c1f4bfb0ce8b0be6ffbc6042b6b5215970865b6269f15483
SSDEEP: 6144:Yki6z0brsdgF+GIIIIIIIhIIIIIIIIIIIIIIIU:Y8z0si+
Malware Config
Extracted
xworm
127.0.0.1:1604
Install_directory: %AppData%
install_file: XClient.exe
Targets
Detect Xworm Payload
Drops startup file
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.