General
-
Target
kronosnew.sln.exe
-
Size
53KB
-
MD5
265c9781c8df329505bdfd7f1e153fb3
-
SHA1
dcdc0967a6acf9ba1ae008e222c51ae0cfb3fee7
-
SHA256
5813a7c390a998c7a51e4a93e273e5fab665a0037ed9f01ca59732c6095dfde0
-
SHA512
27fc47a96440f7b83062ead10febc2fa85800f2f746b4de0f2ff01b0f7c3fa50a32b5353f0053deb0c4018a55ec7a644586303000fad3960c2bd5f69b7a84c5e
-
SSDEEP
768:RfdaFEuOrCb03tl9lFAXxdDYIH8X7iQNyLjPlu0bpq/JEcirH6TWsrOgh7qqZuw:+FEubbCGzkIIILBlb0/+n6jrOgVqAl
Score
10/10
Malware Config
Extracted
Family
xworm
C2
127.0.0.1:8808
90.217.43.208:8808
Attributes
-
Install_directory
%AppData%
-
install_file
bloxstrap.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
kronosnew.sln.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections