General

  • Target: ed54900c3d48f377ada002cfff6e633a5041205c4bbc41c815921bcc6569a322
  • Size: 69KB
  • MD5: 413c101b7b8aee26309cd99b2ff53000
  • SHA1: fa693b2dc2b562cc8e9752cf4201f93aaeb450bf
  • SHA256: ed54900c3d48f377ada002cfff6e633a5041205c4bbc41c815921bcc6569a322
  • SHA512: 9c1f17d4804afd60b00381b14e76b8dbdd562b5b7cd9ef3093ec8565982fda23dfc615d032b4592dcb8632bb946e26c6e0a8cec111b6ab51faa461ab60cfa5f4
  • SSDEEP: 1536:A/XVGp9iQL+9LPFhm+bIz1ZbhBUMbe/kkAuOX0MGzpF:+XVGWQL+pP9+ZbnUL/OuOEMGz3

Score: 10/10

Malware Config

Extracted

  • Family: xworm
  • Version: 3.0
  • C2: canyouseeme22.ddns.net:6065

Attributes

  • Install_directory: %AppData%
  • install_file: USB.exe
  • telegram: https://api.telegram.org/bot6660763124:AAFE8PXu74Jm6rucbd_6w86T8pGiY0tWsvk/sendMessage?chat_id=6273743275

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • ed54900c3d48f377ada002cfff6e633a5041205c4bbc41c815921bcc6569a322 (.exe, windows:4, windows, x86, arch:x86)

    f34d5f2d4577ed6d9ceec516c1f5a744