General
-
Target
last2222 (1).exe
-
Size
37KB
-
MD5
5c5921d12c3bf6dbfdba44cd53990887
-
SHA1
8e3bde886b3401049e0daf28ff5892c071cdcfb1
-
SHA256
e6e2fedaa616bf36934a43da6a3028566cca069896af91fec0e4a49216cd6588
-
SHA512
632aedb44c5cf3c3bf0a207d13cf10b95ef01b633e177956a892bd728eb50c0e184739f02a59501fc62d6a38362bf3237082b62f628d1805378d7be58aff2037
-
SSDEEP
384:eV3zqRvavwH4ANk+pWtwiLxlLZ9+mHNqldy6yvUl8q7KC/rXpkF0+LT7ZwY3EcvX:ec4JJHgEgL7Ka+FC9gdrOO1h8FU
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
renagtiondo.com:23567
Mutex
CGqHoFf1guTmTU5C
Attributes
-
Install_directory
%AppData%
-
install_file
PDFF.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
last2222 (1).exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections