General
-
Target
tmp
-
Size
35KB
-
MD5
dc133326b68994f547865bfd55ba7cbf
-
SHA1
3563efdf9083c2a73adfd4995d7fec38a9aa8f90
-
SHA256
57982afb0866d884045dcba3250222e3c52c6229faf42dd648eca0bf4b1e9f82
-
SHA512
3a604e20cdd128b71cdd7366d87e1d74776619e683347647e314b60f960fcb14b82f394bc718fefbe987f7b09377357d0f9fb03f904ae44c6f1518ca644e6f95
-
SSDEEP
384:6B3QqFKmymIsDOrdEA8Q1P2LWLKdC4+VSRwpkFXBLT294ZwgGPVvDbVisre3j6Lp:OrsrvCWL4CLYxFg90Ce3j6YOjhj/YdE
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
31.172.83.170:7000
Mutex
15a0Vy3XScMU3u42
Attributes
-
Install_directory
%AppData%
-
install_file
XClient.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
tmp
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections