General

  • Target

    Standlaunchpad.exe

  • Size

    110KB

  • MD5

    745b7dbdbd6d44cbbd767e5b3335a87a

  • SHA1

    9f5d3d1c05d62ffc4cbfcf15bf6e845c41b33737

  • SHA256

    96ee8c5eaec36b7ae55733448f42062d2a3b2f4fe2edefc53d5c59d0c603b2ab

  • SHA512

    953dec16fa072c62fb6cb93c7f9dd0f99dfc14aec5674c616f38ae583c2d7925f4a0de0f1d27f1a0c8b261d416d51d4a86f7b55af39cec75f8ced255b4a1317c

  • SSDEEP

    1536:DkX0MuRJbXxIM2px6EAtcOETYbpY/2WDbhst1L7a8w63JOx81nyynfr:DkLKtx3Ex6YOBbpYOWDbhsLauOxoPr

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:18082

147.185.221.18:18082

tcp://8.tcp.us-cal-1.ngrok.io:18082

Attributes
  • Install_directory

    %Temp%

  • install_file

    Stand.exe

  • telegram

    https://api.telegram.org/bot6916721041:AAGsGXyaplDWQ9HJlE88Z36KtBFClSB3E20

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Standlaunchpad.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


