General

  • Target

    2024-05-28_1a5c19862b8043792a14393d97ba6096_hiddentear

  • Size

    171KB

  • MD5

    1a5c19862b8043792a14393d97ba6096

  • SHA1

    d0d124e47ac8231cb6c4de91a1f6d25fc90198bc

  • SHA256

    84292cd5cfd81674ec255ed22bb0c26c35c2771f31d41e360c083e01a8e32afb

  • SHA512

    d99080a5cf2ca8835fac9a053ddf9568d1178f9072175247895c7da870d1adf4d811b0c237f48b6249cc78050e853c2e0fd2db26e4a56c78908f477cce0e1e96

  • SSDEEP

    3072:DLSqGINrzPJUJn1+bg63QbO6dxM+lmsolAIrRuw+mqv9j1MWLQf:DnGINrzOJcbF3H+lDAA

Score
10/10

Malware Config

Extracted

Family

xworm

C2

westnfc.duckdns.org:1604

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    runtime.exe

  • telegram

    https://api.telegram.org/bot7170597428:AAHEQS5NEfBJF76OnYgTzU6reisBALciUVg/sendMessage?chat_id=6151101199

Signatures

  • Detect Xworm Payload (1 IoC)
  • Detects Windows executables referencing non-Windows User-Agents (1 IoC)
  • Detects executables using Telegram Chat Bot (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2024-05-28_1a5c19862b8043792a14393d97ba6096_hiddentear
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
