General
-
Target
TRXinjector.exe
-
Size
278KB
-
MD5
a8c6b43d2e10f85f228ca127fce13149
-
SHA1
4c54f18f2d3962fb8bee7092838497516a33aa7e
-
SHA256
febfca104b57afeab5c3f1a05f250c5f46cca0ae77e6378064bb0b8149333f0c
-
SHA512
e8fcedbfe67eb1339b05d34ad2ee11303e65f37fea972454b088f051cd68ebdffbe532014e2c52537045db1061a8ce5c4991651ca50ad463c6d613795253f6e7
-
SSDEEP
3072:rqwLyQi+bis0fVaD9CDXOTsXsTf92+OfMAWHQo0pjL4LdY00TcnKgD+Lwv7yzl:rb9bedaxGAfo9WH2pn4N0An3D+LwjA
Score
10/10
Malware Config
Extracted
Family
xworm
C2
april-dive.gl.at.ply.gg:10888
Attributes
-
Install_directory
%AppData%
-
install_file
XClient.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
TRXinjector.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections