General
-
Target
RRCleaner.exe
-
Size
84KB
-
MD5
113f026c895bed630ca263353e0002c6
-
SHA1
4f7c9d86115fdcec72216a0dc3bd91c9c482a286
-
SHA256
c6f05ee7cb78bfc21f0bd38c83ca18a29f1cfe8de1375723271a7765ebbc25c8
-
SHA512
1bece5acf949758e39a0dabdd583fca396148d4a77abf0436b4d942a4e1e687b5128b631ac49c4323ba341d3bee8b1966efb5fdfa107a3255512356d69037ecf
-
SSDEEP
1536:zxbjnXB059k8xeugySXDkbkinjZFQbbB8UZIzutg5CW36N1IRUKyOueyl1:zRBOKceXzktjZFQbb1G5CvKRtyOuey1
Score
10/10
Malware Config
Extracted
Family
xworm
C2
exchange-extends.gl.at.ply.gg:45129
Attributes
-
Install_directory
%AppData%
-
install_file
RRStealer.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
RRCleaner.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections