General
-
Target
ambrella.exe
-
Size
32KB
-
MD5
df0a2d9f7d2f8e90c6690005c3f8c0eb
-
SHA1
5358df11ae090ebf40da82fc2d29c29c0827ac53
-
SHA256
07c511fbcfc27f2ed31d0191d51bd7a72017cd4fb10457526b87393d84b64713
-
SHA512
5c4bbaa35b4505fbe82759edab696a6836d684aaee916b38e429908451f056d40575fbf7cbbeb3416743932fef47aeda27960735596bc794d004fe6ea806acc3
-
SSDEEP
384:jEbmX5Qa+vN1h1+X3v6JFjL+gkr3Tm2eaFOL1dRApkFTBLTsOZwpGd2v99IkuisG:wVa+vNtg+PB83Tw4e1dVFE9j4OjhubA
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
127.0.0.1:2010
Mutex
8R0uhpDCYykOOQzR
Attributes
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
ambrella.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections