General
-
Target
3f4351c659701ecbc9165d8a0cbdbc97.bin
-
Size
55KB
-
MD5
3f4351c659701ecbc9165d8a0cbdbc97
-
SHA1
2aa971037201e78b5b2f36432eeffaf4d0586256
-
SHA256
bdb75df709e35babd74de16668d5d4fbd458d6d21c9adccc5ee72bb9d9f76746
-
SHA512
972c96d9dd5384e71df9e9e5a4fb3b9bf345b8a9e8df6ac7a9d8a52e287dc7167a447d690a75f48228cabc8d1a34504abd5bd10bd2c79dbfa30776babf4e260b
-
SSDEEP
1536:NlLhOi/dkCOHVWkNfx3nKn4yYWRhuyOOVPH:ffcWOfx1WRhuyOOVPH
Score
10/10
Malware Config
Extracted
Family
xworm
C2
amazonshipping.duckdns.org:7000
Attributes
-
Install_directory
%LocalAppData%
-
install_file
MSBuild.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
3f4351c659701ecbc9165d8a0cbdbc97.bin
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections