General

  • Target

    XWormLоader 5.6 x64.exe

  • Size

    62KB

  • MD5

    e166dd45fd4a6d4e228f0a89fa3730c1

  • SHA1

    98b15dc0ca3fde498d3ad1f53d542ee0b5024075

  • SHA256

    60ddff3747cec6439d564d036b7a0f15ac22de87fe3d41dc3f6eca9292ca1cee

  • SHA512

    beb7db6cb84ff8953d2892e710832b84d08cbc9daf68f0297ed169612fc30d9cc5ee9d7dda5a4cb4b19b407a34e94a26b117de0b7d4b831c348ff8a4715cd624

  • SSDEEP

    1536:UjwsKswX1sd3vObCAaCN5C6qXOsQh6wm7:UkWk1e3mbCvMmOsQhI7

Score
10/10

Malware Config

Extracted

Family

xworm

C2

feb-victorian.gl.at.ply.gg:12082

min-clusters.gl.at.ply.gg:12082

Attributes
  • Install_directory

    %AppData%

  • install_file

    Antimalware Serrvice Executable.exe

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • XWormLоader 5.6 x64.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

