General

  • Target

    sigmasoft-0.1xw.exe

  • Size

    71KB

  • MD5

    6538116da6dcf30ee794597963b20207

  • SHA1

    6ff33f12ea69fc818b2b633a46dafc9ac47cd1a8

  • SHA256

    81b460bce1126aaeee941fa6fb3945bacd058d56549443db236bd790661dae3a

  • SHA512

    ce0cab07f94532a446a72f5b1b3b125a64e03861bb48b48daf5f392001afc72e0f960bc9576515063b7ada294d3b44edd08f0bd618418d4e56c0eb2f65ebaee3

  • SSDEEP

    1536:XH1viI9rGg/4SHrsmGz+b97iBMNCJN6qO7MrItaPOxU6:XD9rGgpHXy+b9pNUO7MM1f

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:42772

gorodpro-42772.portmap.host:42772

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    svchost.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • sigmasoft-0.1xw.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

