General

  • Target: 53672dd264c745b0b184e37e01d6ec2dc4d730a5acc77cb72d0f77faec6a4769
  • Size: 42KB
  • MD5: 13f2eadb80c5a2bf42b8edc8cbce3ae0
  • SHA1: ad984d290d147744f3dc4acc935de0927bf9b430
  • SHA256: 53672dd264c745b0b184e37e01d6ec2dc4d730a5acc77cb72d0f77faec6a4769
  • SHA512: f5bca65f4528da026257be7d621cf008b16d68395d4f3e90cea5e17433de050fcbea820aaf7457de569be7e23d012a8cdfccf9dcb446005fc99992ffb9a2172b
  • SSDEEP: 768:6tdXcJY25mPrRKyeWXJT2QrbhgouwBinFY2WlyibDD0BKPhUrq58mfznjv26As/T:edOY2GrRooJjbioBoFYZzqaaY8sznjv1

Score
10/10

Malware Config

Extracted

  • Family: xworm
  • Version: 3.0
  • C2: 157.254.223.19:8081
  • Mutex: i0Yq2Adr82znjD2G

Attributes
  • Install_directory: %ProgramData%
  • install_file: USB.exe
  • telegram: https://api.telegram.org/bot5498061286:AAEOFPFhizSA_AbkzDV_OWcHlXVsegPpL_c/sendMessage?chat_id=1267602057
  • aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 53672dd264c745b0b184e37e01d6ec2dc4d730a5acc77cb72d0f77faec6a4769
    .zip

    Password: infected

  • e6f7963c726231571294a06e1e8b1f03b87684cad8383bb194b957fc685685c2.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

