General

  • Target

    c3ea7a64dd0e6d1888a6403e38f300d30c55340e55d9e76741e42fd3ec689213.exe

  • Size

    69KB

  • MD5

    81cb3e2ab304c4dde3bfd1c7104736eb

  • SHA1

    0d17fe8ac5fdac8838d4bb8eeb234eb9bf96b258

  • SHA256

    c3ea7a64dd0e6d1888a6403e38f300d30c55340e55d9e76741e42fd3ec689213

  • SHA512

    d8d1cfe363e46bdf5a5dc0aecb5baf5155c663c1aeea165b4b6f54e38e16e1e200f455b25175037989ab592ed730692a3bc3958134bd67688b997e7d9d2c0e44

  • SSDEEP

    1536:TqJOKanpCtrpBpGTkLXRLNYY4b2IbPdZ5mY6aeO966xZWPFta:mengrpmkZNYY4b2IrP5YO96CZWPPa

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

daddy.linkpc.net:7000

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot6659084379:AAHwYx_m5LGEEADvQo2F9Q3CbvJIfs0Hh7o/sendMessage?chat_id=5457636267

Signatures

  • Detect Xworm Payload 1 IoCs
  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects executables using Telegram Chat Bot 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • c3ea7a64dd0e6d1888a6403e38f300d30c55340e55d9e76741e42fd3ec689213.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
