General

  • Target

    tmp

  • Size

    44KB

  • MD5

    c68ed61142a3c93a48fad81d862f7303

  • SHA1

    71e288414069241b5b1905a0b18c710d28496df8

  • SHA256

    8a359718258e5464a0912029aec9a8edc7c63127e4fa9fdabd653712cfc5926f

  • SHA512

    efeb47de29696ab3cf5e1ceca7bd4d824bf658a250b9287d0f077f7a5b837ff6129ab69c1c993b1676865c35cfe12b5a75bf03b97b1cb770a510e4beddc476a8

  • SSDEEP

    768:1J3B4qCn8ztOhG58RUgx9zIo8Bb+BlsUUd5FFRPG9+46OOChvLvubWc:nBhCn8ztOhG58RZn8BHNFw9+46OOCl2J

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

192.210.255.140:7000

Mutex

UD7Y7vYuTiMZmVJT

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    svchost.exe

  • aes.plain
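
Turning the extracted config into host and log checks, as an added example that is not part of the sandbox report: the indicators (SHA256, C2 host and port, mutex, install directory and file name) are copied from the fields above; the Sysmon-style event lines, the handle listing, the default expansion of %ProgramData% to C:\ProgramData and the list of directories where a genuine svchost.exe lives are assumptions made for this dry run. The checks a practitioner wants here: the real service host only runs from System32 or SysWOW64, so an svchost.exe under %ProgramData% is masquerading whatever family dropped it; the C2 IP is worth flagging even when the port is not 7000; and the mutex is not visible in event logs, so it has to be looked for in a live handle listing.

```python
import hashlib
import re

# Indicators copied from the extracted config and hash list in the report above.
SAMPLE_SHA256 = "8a359718258e5464a0912029aec9a8edc7c63127e4fa9fdabd653712cfc5926f"
C2_HOST, C2_PORT = "192.210.255.140", 7000
MUTEX = "UD7Y7vYuTiMZmVJT"
INSTALL_DIR = "%ProgramData%"
INSTALL_FILE = "svchost.exe"

# Assumption: %ProgramData% resolves to its default location. Adjust if the host relocates it.
DEFAULT_ENV = {"%ProgramData%": r"C:\ProgramData"}
# Assumption: the only directories a genuine svchost.exe runs from; anywhere else is masquerading.
LEGIT_SVCHOST_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def expand_install_path(install_dir=INSTALL_DIR, install_file=INSTALL_FILE, env=DEFAULT_ENV):
    """Turn the sandbox's '%ProgramData%' + 'svchost.exe' into the on-disk path to hunt for."""
    return env.get(install_dir, install_dir) + "\\" + install_file


XWORM_INSTALL_PATH = expand_install_path()  # C:\ProgramData\svchost.exe


def sha256_matches_report(data: bytes, expected: str = SAMPLE_SHA256) -> bool:
    """True if the bytes hash to the SHA256 listed in the report."""
    return hashlib.sha256(data).hexdigest() == expected.lower()


# Simplified Sysmon-style 'Key=Value' events (EventID 1 = process create, 3 = network connect).
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line: str) -> dict:
    """Parse 'Key=Value ...' text into a dict; values may contain spaces (e.g. 'Program Files')."""
    return dict(KV_RE.findall(line.strip()))


def is_masquerading_svchost(image: str) -> bool:
    """svchost.exe outside System32/SysWOW64 is not the service host, whatever it is named."""
    p = image.lower()
    if not p.endswith("\\svchost.exe"):
        return False
    return not any(p.startswith(d + "\\") for d in LEGIT_SVCHOST_DIRS)


def classify(ev: dict) -> list:
    """Return the reasons an event matches this sample's indicators (empty list = no match)."""
    reasons = []
    if ev.get("DestinationIp") == C2_HOST:
        # Same IP on another port is worth a look too: the operator may run more than one listener.
        reasons.append("c2_connection" if ev.get("DestinationPort") == str(C2_PORT) else "c2_host_other_port")
    image = ev.get("Image", "")
    if image.lower() == XWORM_INSTALL_PATH.lower():
        reasons.append("xworm_install_path")
    if is_masquerading_svchost(image):
        reasons.append("masquerading_svchost")
    return reasons


def scan(lines) -> list:
    """Return [(line_index, reasons)] for every event that matched at least one indicator."""
    hits = []
    for i, line in enumerate(lines):
        reasons = classify(parse_event(line))
        if reasons:
            hits.append((i, reasons))
    return hits


def find_mutex(handle_lines, mutex: str = MUTEX) -> list:
    """The mutex is not in event logs; search a live handle listing (e.g. Sysinternals handle.exe output)."""
    return [l.strip() for l in handle_lines if l.rstrip().endswith("\\" + mutex)]


# Constructed sample data for a dry run; none of it comes from the report.
SAMPLE_EVENTS = [
    r"EventID=1 Image=C:\Windows\System32\svchost.exe CommandLine=svchost.exe -k netsvcs",
    r"EventID=1 Image=C:\ProgramData\svchost.exe CommandLine=C:\ProgramData\svchost.exe",
    r"EventID=3 Image=C:\ProgramData\svchost.exe DestinationIp=192.210.255.140 DestinationPort=7000",
    r"EventID=3 Image=C:\Program Files\App\app.exe DestinationIp=192.210.255.140 DestinationPort=443",
    r"EventID=1 Image=C:\Users\bob\AppData\Roaming\svchost.exe CommandLine=svchost.exe",
]
SAMPLE_HANDLES = [
    r"  1C4: Mutant  \Sessions\1\BaseNamedObjects\SM0:1234:304:WilStaging_02",
    r"  2A8: Mutant  \Sessions\1\BaseNamedObjects\UD7Y7vYuTiMZmVJT",
]

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(reasons)} :: {SAMPLE_EVENTS[idx]}")
    for h in find_mutex(SAMPLE_HANDLES):
        print("mutex present:", h)
```

The path and IP checks are deliberately exact-match against the report's values plus one generic rule (svchost.exe outside its two legitimate directories); the generic rule is the one that survives the next rebuild of the sample, since the C2 and mutex change per build while the masquerade does not.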

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • tmp
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
