General

  • Target

    tor-browser-windows-x86_64-portable-13.0.13.exe

  • Size

    145KB

  • MD5

    1f441960d0ae16dd6f47240c0c675888

  • SHA1

    181a344be3afce4d8da1fce6c2b9a69035663be7

  • SHA256

    8de907bfb0446c2d904ecbe07d195cccd3620cb10a58c2a386b86b437401f51f

  • SHA512

    1a4f1b91f17d599acecbd242b6dcbb7725c47a3166e1058b9dd8ae9b4018797d58ab874e5f42985fec57ef306f5ac0c37bb8e707a1a422aad2d0110f42958f36

  • SSDEEP

    3072:SmzzhvNFNUA4dXObT/ogMsZTOipB1bOPujxx6gDIjv:xzR2kbc2laPYxJI

Score

10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:1336

https://0772-2600-1700-4b10-4330-8d29-9d1-1a69-72da.ngrok-free.app/:1336

Attributes

  • Install_directory

    %ProgramData%

  • install_file

    microsoft_winesc.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • tor-browser-windows-x86_64-portable-13.0.13.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
