General

  • Target

    Runtime Broker.exe

  • Size

    41KB

  • MD5

    6d055d256a91499e94dcf5c354027e63

  • SHA1

    2f92bad5e73bed9e1156a1b160aed5edf58448cb

  • SHA256

    18100f1448e54ef77d919645abfa244db6874360b133ff998b8095d7f0637898

  • SHA512

    206339eef9eae1a63b487b02a64b1ed4f5edeadc07ec843bec431317c8fef70597712f1f9343c5a44072b37c18ff58750f2cabd68152eb97861ae6e6b38f89f6

  • SSDEEP

    768:AMBeQG09VA7t8BseJtwfG9kxFPc9b2q6dOuhF/RrF2:A9WV0maEgXFk9iq6dOu5rF2

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

fhfgthfghfg-34660.portmap.host:34660

Mutex

XgjQGffY5FB1pHCz

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    OneDrive.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Runtime Broker.exe
    .exe windows:4 windows x86 arch:x86

    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
