General
-
Target
spoofer.exe
-
Size
34KB
-
MD5
a4f9bdff4bdd401987a4a0fe575f11f9
-
SHA1
e78389485657a011b0e30dfe9ece61a1391a0dc1
-
SHA256
8b8f11cad7aa97391ecfbb12e78eca71b2332c9e8ba72c567c09fc558b9c1563
-
SHA512
14249d647bf2e0c0f85786129e2a434cf67b1e201b586dd48baf6804844d38399f0f53facf924c973e0c7ea765538ffa7dfb3b9e34dac622ad25366acb090e42
-
SSDEEP
384:tIoXVqG28uymzhzUuHnOmYxLm9cCwvHixdTX2VR8pkFTBLTIZwYGDcvw9Ikuis+s:LXUzPi9wcC4C+V9FZ9jROjhQ/kj
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
127.0.0.1:7000
Mutex
nRBEEYZOqfIkEB1A
Attributes
-
Install_directory
%LocalAppData%
-
install_file
Epic Games Launcher.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
spoofer.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections