General

  • Target

    171328284503097ec9167b4bcb20655c248cb3019cdc3966ecccf11a86ab7ad3192e8a9a17121.dat-decoded.exe

  • Size

    33KB

  • MD5

    61c7dc2acfea864ad45b2a4fa8b1bb5c

  • SHA1

    73fb54808cd83f946cb618513f4c2f969f85b347

  • SHA256

    326f2caac45fb3fd8aeb65f3c70105bce862022c2e30de367ebf9fbb77d1abce

  • SHA512

    9202f76eb9ffb9f146212960585fef937fde61b36155223e031a144499cc82b5b7a95d27f8978faae09021ee2173ace390ce8c95270788c8f3d0c7d2f566c0b1

  • SSDEEP

    384:oAV3W8+h/ghVYLcKnLTL93ZFsLcvSAOokFRApkFTBLTsOZwpGN2v99IkuisTH6x7:u8eFZ393HJvlYFVF89j/OjhBbE

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

wormplace.duckdns.org:7771

Mutex

42ZSJUh5fcssCBli

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 171328284503097ec9167b4bcb20655c248cb3019cdc3966ecccf11a86ab7ad3192e8a9a17121.dat-decoded.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

