xworm | 82e9e87e7e46c834d08ce14395baf877d6ad62e5bee900184ba699cbc7080393

General

Target

82e9e87e7e46c834d08ce14395baf877d6ad62e5bee900184ba699cbc7080393
Size

64KB
MD5

a9efb8440dbd7b17e61dd777bbd561d9
SHA1

0706477d61db1419034e80a65f1bb3336e5de485
SHA256

82e9e87e7e46c834d08ce14395baf877d6ad62e5bee900184ba699cbc7080393
SHA512

6ef279b3343bc0702e7645f4c1eadc82651d52ad3a709c49dfc874246d266b6a59ddd6ef1059bbaba7aba4758f12579b7207fe5bd6f183214414c5c294e8b764
SSDEEP

1536:3YY5CyFc7KBCyDCfkYqSufbRo+7iyjA7nOLVQszse2:3YY84BCGCfkYqSYbRFEnOL20se2

Score

10^/10

xworm

Family

xworm

Attributes

Install_directory
%LocalAppData%
install_file
Solara.exe
pastebin_url
https://pastebin.com/qpB6hEFt
telegram
https://api.telegram.org/bot6552294168:AAE8W0wx7wB9Mqkq2LoOz_YDua7Nm_XgpVU/sendMessage?chat_id=6443295666

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Detects executables using Telegram Chat Bot 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_TelegramChatBot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82e9e87e7e46c834d08ce14395baf877d6ad62e5bee900184ba699cbc7080393