General

  • Target

    WellHub.exe

  • Size

    72KB

  • MD5

    d64601c9d3c7ec736a5858e7d5ca9530

  • SHA1

    8117714b2f9ecc73e48828dac353e124f34ddb70

  • SHA256

    5a4233d2d5765f658747f56afbcde2126e6e66ecb48db75a38917e99c290e8be

  • SHA512

    3ac658a339f1c094f8b9fab36f15f6a7c2a0d80e30bc29fbc087420ec83be8f410886284e57c52fb9e04d6d64761914b606c2160cb91e1bb780f62d1568b1545

  • SSDEEP

    1536:OoxoLsbEKhAyLGwWgg0bnIpe7po61QhV90OoTlBgQi:OT4FL/bnSV90OOlBZi

Score

10/10

Malware Config

Extracted

Family

xworm

C2

0.tcp.eu.ngrok.io:17941

7.tcp.eu.ngrok.io:17941

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • WellHub.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
