General

  • Target

    bzoele.exe

  • Size

    73KB

  • MD5

    939f28dfa4e002dd31df3c3354f282bc

  • SHA1

    5a24daf43dd18888b1bbcde8a71be2bc2d401d89

  • SHA256

    5d6e0e7a7217194f2c662dbfb3c93d4eb0d0deeed249217cbda28915a417ce6b

  • SHA512

    9654cde0c5d82f31f0fbbbeb86b7acfaac840a963b3ef0c1e606b79eb98cbcb3317ba2f5fd4ee29b6d6d184d865128d42c39aa2037f5c49803ca7412542ee07b

  • SSDEEP

    1536:4FPxnRhed8P4wKvRjjb20WchFewbv701pl69jBO07jaE37XKXT:4fG+QwCxv2XchhbvY4O0fZLET

Score
10/10

Malware Config

Extracted

Family

xworm

C2

Thecoolboi991-51392.portmap.io:51392

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
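The "Unsigned PE" signature above is a static check: the sandbox looks at the PE's security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) and flags the file when it is empty. The following is an added example, not code from the sandbox or from this report, that reproduces that check with the standard library only, computes the same MD5/SHA1/SHA256/SHA512 digests listed under General, and compares them with the report's values. The sample PE it parses is constructed inline (a header-only PE32 image, not a runnable program) so the script works offline; the `triage()` summary and the field names are this example's own, and the machine value 0x14C is IMAGE_FILE_MACHINE_I386, which is what the "x86 arch:x86" tag denotes.

```python
"""Offline triage helper (added example, not part of the sandbox report):
hashes a PE the way the General section does and checks for an Authenticode
signature the way the "Unsigned PE" signature does, by inspecting the
IMAGE_DIRECTORY_ENTRY_SECURITY data directory."""
import hashlib
import struct
import sys

# Digests copied from the report's General section for bzoele.exe.
REPORT_HASHES = {
    "md5": "939f28dfa4e002dd31df3c3354f282bc",
    "sha1": "5a24daf43dd18888b1bbcde8a71be2bc2d401d89",
    "sha256": "5d6e0e7a7217194f2c662dbfb3c93d4eb0d0deeed249217cbda28915a417ce6b",
}

SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode blob)
IMAGE_FILE_MACHINE_I386 = 0x14C


def file_hashes(data: bytes) -> dict:
    """Return the four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> bool:
    """True only if every digest in REPORT_HASHES matches this blob."""
    h = file_hashes(data)
    return all(h[k] == v for k, v in REPORT_HASHES.items())


def pe_info(data: bytes) -> dict:
    """Parse just enough of the PE headers to report machine type, PE32 vs
    PE32+ and whether the security directory is populated.  A non-zero size
    means an Authenticode blob is attached; it says nothing about whether
    that signature is valid or trusted (see usage note)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # start of IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        dirs_off, kind = opt + 96, "PE32"    # data directories follow NumberOfRvaAndSizes
    elif magic == 0x20B:
        dirs_off, kind = opt + 112, "PE32+"
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]
    sec_off, sec_size = 0, 0
    # Only read the entry if the header actually contains it.
    if num_dirs > SECURITY_DIR_INDEX and opt_size >= (dirs_off - opt) + 8 * (SECURITY_DIR_INDEX + 1):
        # For this directory the first field is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR_INDEX)
    return {
        "format": kind,
        "machine": machine,
        "is_x86": machine == IMAGE_FILE_MACHINE_I386,
        "sections": nsections,
        "authenticode_present": sec_size != 0,
        "security_dir": (sec_off, sec_size),
    }


def triage(data: bytes) -> dict:
    """Combine the checks into one summary dict (this example's own layout)."""
    info = pe_info(data)
    info["hashes"] = file_hashes(data)
    info["matches_report"] = matches_report(data)
    info["unsigned_pe"] = not info["authenticode_present"]   # the sandbox signature
    return info


def build_minimal_pe32(machine=IMAGE_FILE_MACHINE_I386, security_size=0) -> bytes:
    """Constructed sample: a header-only PE32 image with zero sections, used
    so the example runs offline.  security_size != 0 simulates a signed file."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE header at 0x40
    opt_size = 96 + 16 * 8                           # PE32 header + 16 data directories
    file_hdr = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    if security_size:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, 0x200, security_size)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe32()
    for k, v in triage(blob).items():
        print(f"{k}: {v}")
```

Run it with a path to the sample (`python triage.py bzoele.exe`) to confirm the digests before trusting any IOC pulled from this page; with no argument it runs on the constructed unsigned sample. A populated security directory only proves a signature blob is attached: it can be expired, revoked, self-signed or computed over different bytes, so the real verdict comes from `Get-AuthenticodeSignature` in PowerShell or `osslsigncode verify`, not from this directory check.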

Files

  • bzoele.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

