General

  • Target

    Trojan.exe

  • Size

    35KB

  • MD5

    5224900582928a6c70d337dc209e5d48

  • SHA1

    ff9b39ac2163e6521b6b18ad4249ec01b44f09b4

  • SHA256

    c07ba6bbc6f72564d1708b2d48ce347ef889e505f1e339262000e7daf4605b9c

  • SHA512

    d6bd6c837ca86de24f02f586f5c406cfe84ddf07e1495d613ba0fce11d50a4d4d26a115975ab96529bc4243eae5267d421cbc84e9b31142f9dc50f13d7dab92d

  • SSDEEP

    384:agqYvXfKoimGfgkfm4oUDteFbaMLc+rqUB7u5C36gYtWORtpkFTBLT29pZwoJzVo:kokOZX1zB75qgeOFk9/Le3O/hl/PtYn

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

PMS3Dtzg8lYjXObw

Attributes

  • Install_directory

    %ProgramData%

  • install_file

    www.kernal.exe

  • pastebin_url

    https://pastebin.com/raw/cs6P4mHQ

  • aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Trojan.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
