General
-
Target
Testapp.exe
-
Size
82KB
-
MD5
99f4d49d65f478af3729cfcd526f9a50
-
SHA1
20e94c60c719fa43f833c18846fe3b88c655f73e
-
SHA256
b92209afdb2709f6e7b95fbd595cbf7d5309d213dc60792b4cc0ecb27cdf24fc
-
SHA512
7f985cb324433386064bc1de1d221d91a39a42bbab503d32f214419445d304ddf4cff0a7e6cbc074c769b45e39f5e54e78941ea559ba7744819b2cfecd850b30
-
SSDEEP
1536:YhZLtmZxut6/txtVNfFF5kWTk2qh+b9YXa47R+RP6oeJxOYWhC7wljfSBoi:YbtntWxtDFFTkD+b9YX7cHgOYWhC7w2N
Score
10/10
Malware Config
Extracted
Family
xworm
C2
80.133.66.162:7777
Attributes
-
Install_directory
%Temp%
-
install_file
AntiMalware.exe
-
telegram
https://api.telegram.org/bot6931107262:AAGmL4o7X7zVFFs3KoCS-KEOVazABjZbSjs
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Testapp.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections