General

  • Target

    RUN FIRST TO MAKE EXECUTOR WORK.exe

  • Size

    45KB

  • MD5

    b5919c40b288cdfeabbb8db191194a38

  • SHA1

    c0421544596aa5f170e6cc8bdc0e56e5f06b816f

  • SHA256

    582714257df3103f256a79345180764fcd2cb5f66b08b93b676c0a5a038040cd

  • SHA512

    4a5dfb3ec98f0567bde31ec74507e89fc00548bc66273e93a64510b7c0b4f27f2a204c9be63ddb22acbaa102079a91f755ab035f87e57fd0046a3b4309bdf748

  • SSDEEP

    768:9yK0gdhOEykDe9Y/gx4T9nEcNchJlVvD4xeVhKfkvLbFEPa9pvJ6iOChpzjif4I:9yKrAkDeO1RazlZrOM/FJ9NJ6iOCjegI

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

pa-nitrogen.gl.at.ply.gg:62957

Mutex

FXedCitZIFUisbCd

Attributes
  • Install_directory

    %Public%

  • install_file

    System.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • RUN FIRST TO MAKE EXECUTOR WORK.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

