Overview

overview

10

Static

static

10

042573dd1b...a2.exe

windows7-x64

10

042573dd1b...a2.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    5a96b55cf1a1c7b3a905aa203760439e.bin

  • Size

    15KB

  • MD5

    b4e450afa5a1948633b65d4e046ae169

  • SHA1

    493a449689eb9ecefab8b9050e3b765008a911d7

  • SHA256

    97be34a66d00f51545a4233ae9b8e4eccc8b840d89195fde9f78e26f1a61f84c

  • SHA512

    9f8efd8347f39628d42684dd4776b4db4b5c0d3ec6352af155043b94ee3663e190cb5b7c4c24f6685f116b59a6959b9851ef3a1d566e16ef39ca01e837e94714

  • SSDEEP

    384:VuWITcFRzEguokyqD/ObsjHHcIJrxRbkgonOzlsf+cqA/ex8YyHyxWH:VnITcDuokFD28HHcIJ9Rgwlsfxq4O8Rj

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

3.1

C2

2023navidad.duckdns.org:7080

Mutex

A5NU4TxiX49ZDegR

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5a96b55cf1a1c7b3a905aa203760439e.bin
    .zip

    Password: infected

  • 042573dd1b11ace9cffe039d56a04ccef645af4ed392a9e3977c955b421e8ea2.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections