General
-
Target
$RVULAPD.exe
-
Size
93KB
-
MD5
7865912339245d7e4970eb1a27fabc2c
-
SHA1
dd584c401e2b21296d4f3167cf070024c71f640c
-
SHA256
bcd98496e76c128871952de7d7daa0b8930b0430d6553e77ce72508ff418bb19
-
SHA512
1d688a0ee969695f765794b8f864078c68a4ded7ab6a081e19d5040530bef210d989df772068d9f5291ac9093ac4cc73341e0582fca0a69435f1fe3d7f33504d
-
SSDEEP
1536:aYP0rsKtfimtQz5/Ae2G6WE0OsaTbWQw7T+fxSG6RsaSSuOLygpNw1PbVy:1P0rs4zyz54e2LF/TbWQw6xSiaSpOLyU
Score
10/10
Malware Config
Extracted
Family
xworm
C2
tr3.localto.net:42425:52773
16.ip.gl.ply.gg:52773
Attributes
-
Install_directory
%LocalAppData%
-
install_file
InvidiaDriver.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
$RVULAPD.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections