General

  • Target: siski.exe
  • Size: 88KB
  • MD5: a39a9dbad030467f590832a6ab2ff349
  • SHA1: 23b9baed2339451a3dc0d710024e4f010fc89be8
  • SHA256: db17812e10401ae3cdc44e07272758c155e215ccc2d4859833d7a26e38706d92
  • SHA512: 1ea795f981ecf0abb66c2fc2e1704e5292e319d8ff8d24a7e52b05b03125dc24d46f3b80a5f89acedd7361f0adfc7150a3707f9d41a2b4202e7cd014d359232c
  • SSDEEP: 1536:f62bFTb1Y/aBjS2jklqQZyoJPbUu6Ejbg/YVk36H2VLOO/V2G/cR:t5TyCZjks0ymbttnrVkxLOO2McR

Score
10/10

Malware Config

Extracted

Family

xworm

C2

character-estimate.gl.at.ply.gg:61192

Attributes

  • Install_directory: %ProgramData%
  • install_file: Chrome.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • siski.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

