General

  • Target

    2024-05-22_1e06d1f23f474c5e6ba0f279d3d3dfac_hiddentear

  • Size

    133KB

  • MD5

    1e06d1f23f474c5e6ba0f279d3d3dfac

  • SHA1

    307c847fafc7453a1050d85b6099b113a2790ef0

  • SHA256

    eb8721bfa1bcacc08b8a8712e6a7fc6d4b69776e8b592abef9539c2fc671df50

  • SHA512

    d1d5302d01fff58479385153160ab271b15f87c87cb5d7ab1df153d818ee9f109fcf8318c7622b068bb4344ab2261aca60c571e2e642d0f84e01bf15ade3c5fb

  • SSDEEP

    3072:J+oM/FJZdq/Fk96ytO/fXM+lmsolAIrRuw+mqv9j1MWLQI:C/FJaNk9Ts8+lDAA

Score

10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

103.161.170.251:7000

Mutex

O5WJMXQSSZKD5Ijn

Attributes

  • Install_directory

    %Temp%

  • install_file

    khiet.exe

  • telegram

    https://api.telegram.org/bot6833541180:AAEc_LLwKd7Jex1zaN5vTaLg13uuFjIHQEU/sendMessage?chat_id=5747667034

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects executables using Telegram Chat Bot 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-22_1e06d1f23f474c5e6ba0f279d3d3dfac_hiddentear
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744