General

  • Target

    priv8.exe

  • Size

    34KB

  • MD5

    1637451a984369f9986229e7221d42ea

  • SHA1

    b4d8699383ac9138c97dcb5ff97da51f6211c577

  • SHA256

    0ba3997f0dc8883a106f53ad53a376aaef17a73890eb5efdc42f10c90077e043

  • SHA512

    d453938074898615a8528f9ca47948cf4f6e8767d47bc2a79a2475dfbc9b7e8b2e7176c03894e1fb832a4cc88a09ce9118c6bc1061778de4ef67abd59769aa57

  • SSDEEP

    384:UIvnqQOsp+5e+tlerboocLbLUZLmCaCrCHixxdspFUR8pkFTBLTIZwYGzcvw9Iki:C2cHmDabCWzU9Fx9jvimLOjh6/4T

Score

10/10

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    156.225.129.218:7000

  • Mutex

    NvLkpYq35wcm1KfP

Attributes

  • Install_directory

    %Userprofile%

  • install_file

    svchosts.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • priv8.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
