General

  • Target

    257a7c749dcad791ffcdcb1a34b5173c94cba699d2f917c3b8103fb8753fe7d6

  • Size

    20KB

  • MD5

    f25e38434ef9ec457447634581acb6d2

  • SHA1

    564bd7b229adc03d9809d768d90442c5fec3b816

  • SHA256

    257a7c749dcad791ffcdcb1a34b5173c94cba699d2f917c3b8103fb8753fe7d6

  • SHA512

    7f9e87d73f049e55f59f6df8636d5a4e70ae550257a3eb22d47db3b8672388c8b6b4b66146c161a67198a7cdfb83b2d07ad0d1f6700b385ff10671643529d022

  • SSDEEP

    384:Bpfi09//gRK7z/jc2zHaVoAf4Xwv7avx+wzjKDqNQ3TIO:BpqVKP/jce93Xwvmvx+wHKIQ3TIO

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

146.190.57.132:7000

Mutex

pmpnRm4B5OQHJlSS

Attributes
  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot6491699241:AAEzWMqxLHLa_DADVhFrtpk__NqYBpyS7tI/sendMessage?chat_id=6432387334

  • aes.plain
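The extracted config above is directly usable for hunting. The following is an added example for this page, not part of the sandbox report or of its Xworm family detection: it copies the C2, mutex, install_file and telegram values from the config, splits the Telegram URL into bot id, token and chat id, and runs simple matchers over Sysmon-style events. The field names (EventID, Image, DestinationIp, DestinationPort, QueryName) follow Sysmon's schema, and the events themselves are constructed for illustration, not captured telemetry.

```python
"""Hunting checks built from the XWorm config extracted above.
Added example for this page, not part of the sandbox report or the Xworm
family detection; the Sysmon-style events are constructed, not captured."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Values copied verbatim from the "Extracted" config on this page.
CONFIG = {
    "c2": "146.190.57.132:7000",
    "mutex": "pmpnRm4B5OQHJlSS",
    "install_file": "USB.exe",
    "telegram": (
        "https://api.telegram.org/bot6491699241:"
        "AAEzWMqxLHLa_DADVhFrtpk__NqYBpyS7tI/sendMessage?chat_id=6432387334"
    ),
}


def parse_c2(c2):
    """Split 'ip:port'; raises if the host is not a literal IP address."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)
    return host, int(port)


def parse_telegram(url):
    """Pull bot id, bot token, API method and chat id out of the exfil URL."""
    parts = urlsplit(url)
    m = re.fullmatch(r"/bot(\d+):([A-Za-z0-9_-]+)/(\w+)", parts.path)
    if parts.hostname != "api.telegram.org" or m is None:
        raise ValueError("not a Telegram bot API URL")
    return {
        "host": parts.hostname,
        "bot_id": m.group(1),
        "token": f"{m.group(1)}:{m.group(2)}",
        "method": m.group(3),
        "chat_id": parse_qs(parts.query).get("chat_id", [None])[0],
    }


def match_event(event, cfg=CONFIG):
    """Return the config fields a single Sysmon-style event matches."""
    c2_ip, c2_port = parse_c2(cfg["c2"])
    tg = parse_telegram(cfg["telegram"])
    hits = []
    eid = event.get("EventID")
    if eid == 1:  # process creation: the installed copy runs as install_file
        image = event.get("Image", "").replace("/", "\\").rsplit("\\", 1)[-1]
        if image.lower() == cfg["install_file"].lower():
            hits.append("install_file")
    elif eid == 3:  # network connection to the hard-coded C2 ip:port
        if (event.get("DestinationIp") == c2_ip
                and int(event.get("DestinationPort", 0)) == c2_port):
            hits.append("c2")
    elif eid == 22:  # DNS query; api.telegram.org alone is low fidelity,
        # so an analyst should pivot on the querying Image as well
        if event.get("QueryName", "").lower() == tg["host"]:
            hits.append("telegram")
    # The mutex never reaches the event log; it is only visible through
    # handle enumeration on a live host or in memory, so it is not matched.
    return hits


def scan(events, cfg=CONFIG):
    """Map each matching event index to the config fields it hit."""
    return {i: h for i, e in enumerate(events) if (h := match_event(e, cfg))}


# Constructed sample events using Sysmon field names (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\USB.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\USB.exe",
     "DestinationIp": "146.190.57.132", "DestinationPort": "7000"},
    {"EventID": 3, "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationIp": "146.190.57.132", "DestinationPort": "443"},
    {"EventID": 22, "Image": r"C:\Users\victim\AppData\Roaming\USB.exe",
     "QueryName": "api.telegram.org"},
]

if __name__ == "__main__":
    print(parse_telegram(CONFIG["telegram"]))
    print(scan(SAMPLE_EVENTS))
```

The bot token is the one credential in this config worth acting on: the numeric prefix before the colon is the bot id, and together with chat_id it identifies the operator's exfiltration channel for reporting to Telegram. The C2 and install_file matches are high fidelity; the Telegram DNS match is not, because legitimate clients resolve the same host.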

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
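The "Unsigned PE" signature is a presence check on the PE's certificate table (data directory entry 4, IMAGE_DIRECTORY_ENTRY_SECURITY). The following is an added example for this page, not the sandbox's own checker: it reads that directory from the headers with the standard library only, confirms a WIN_CERTIFICATE of PKCS#7 type sits at the recorded file offset, and builds a constructed header-only PE32 image (not a real binary) to exercise both the signed and unsigned paths.

```python
"""Reproduce the 'Unsigned PE' signature: does the PE carry an Authenticode
blob at all?  Added example for this page, not the sandbox's own checker.
It parses only the headers, so it needs no third-party PE library."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def security_directory(pe):
    """Return (file offset, size) of the certificate table, (0, 0) if absent."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_of_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:    # PE32
        nrva_off, dirs_off = 92, 96
    elif magic == 0x20B:  # PE32+
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", pe, opt + nrva_off)[0]
    entry = dirs_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or size_of_opt < entry + 8:
        return 0, 0
    # Unlike other directories, the security entry holds a raw file offset.
    return struct.unpack_from("<II", pe, opt + entry)


def has_authenticode(pe):
    """True if a well-formed WIN_CERTIFICATE of PKCS#7 type is attached.
    Presence only: validating the signature chain is a separate step."""
    off, size = security_directory(pe)
    if off == 0 or size < 8 or off + size > len(pe):
        return False
    length, _revision, cert_type = struct.unpack_from("<IHH", pe, off)
    return cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and 8 <= length <= size


def build_minimal_pe(signed):
    """Constructed header-only PE32 image (not a real binary) for testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    headers_len = len(dos) + 4 + len(coff) + len(opt)
    cert = b""
    if signed:
        # Fake WIN_CERTIFICATE: dwLength, wRevision=0x0200, wCertificateType,
        # followed by placeholder bytes where the PKCS#7 blob would live.
        cert = struct.pack("<IHH", 8 + 16, 0x0200,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\0" * 16
        struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                         headers_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    print("signed:", has_authenticode(build_minimal_pe(True)))
    print("unsigned:", has_authenticode(build_minimal_pe(False)))
```

To apply it to the sample, extract the .exe from the password-protected zip and call has_authenticode on its bytes. A missing signature is weak evidence on its own (plenty of legitimate software is unsigned), and a present one says nothing about validity; chain verification needs osslsigncode or signtool, which also catch a blob that was appended but never covers the image hash.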

Files

  • 257a7c749dcad791ffcdcb1a34b5173c94cba699d2f917c3b8103fb8753fe7d6
    .zip

    Password: infected

  • f35235d35e19f8aa40812628b7f99836655ff553ef2baed436aefb3948a1eb64.exe
    .exe windows:4 windows x86 arch:x86

    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
