General

  • Target

    64c908b56f4856f62d366e08cb5a0191.bin

  • Size

    33KB

  • MD5

    64c908b56f4856f62d366e08cb5a0191

  • SHA1

    cca5953e1bb97e90d03188005039f6601f5e3650

  • SHA256

    882b4510de1ab48be6cf5742a07aa748fc3bc74091eaff47f4f896c8ff8c076b

  • SHA512

    ebc5f762643f701599a5f310e069a42851f9e2cb4f68ae658665eb2d574a73203102f9cd19fa0ff94c0c2607bc45f73726bc23d6e8a639fb50ef9f2c2ea6f956

  • SSDEEP

    768:JUa+vNohsXn42JiB70SVF49jfplOjhsbD:UvNohsn4WiR0oF49jfplOjC3

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

0.tcp.ngrok.io:17351

Mutex

rwcGrD24OpWTryCj

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 64c908b56f4856f62d366e08cb5a0191.bin
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

