General

  • Target

    EBCSetup.exe

  • Size

    78KB

  • MD5

    709e1b373849c1e3f5acb80c68f643e3

  • SHA1

    ae4b1874dcfe79f634da83384497a5a02d67e1c8

  • SHA256

    5d1bfc47e876af6de671773be3cf73242857025853199bd687df63d5704639f7

  • SHA512

    f6e9d3a0f9bad7bf9f609bcd984f28a02bcfb733b519fb9bced845ba2d0caf2fdeb9d6e08994ebabb6e4a869be622426eed778f5b3f64beb39fe3a7d2b8d788d

  • SSDEEP

    1536:i9CvuMOKmSXGfgfLEerrEVQbVUmtqPb2OcT6241MO5jSMg:i9goSXig1uQbVKrE41MOR3g

Score
10/10

Malware Config

Extracted

Family

xworm

C2

bulletingmarrano-44370.portmap.io:44370

Attributes
  • Install_directory

    %AppData%

  • install_file

    RuntimeBroker.exe

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • EBCSetup.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

