General

  • Target

    ba1aa1455e1289e482be88edc0d7ab3c.bin

  • Size

    74KB

  • MD5

    dbc158a63693631bc15c68c035e0c44c

  • SHA1

    442f1e3d9aacf2d04bd4358aad19eac499139a83

  • SHA256

    0ccb31851ecf3f1c9e5f6e079478b8b03e00508459765125e473dd4ca8160cc0

  • SHA512

    c6c71aeadf1d640fbbd0ffc799f5520213734ec0a6818136fd4cffdde2d8cce01bcfeadb6909c770c349835bc39051061839268e3473f46306eebbdad437d49d

  • SSDEEP

    1536:0S2gJdaZQchHU8cJb/H+p/McrtsPNZNHsOt22QG3v2LnvGJAU3lDSEcP0m:0SddOQgHMH+NMcruPNZNHsj3G3uLnkNE

Score
10/10

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    modern-educators.gl.at.ply.gg:23695

  • Mutex

    KcnE9Bn3Evaz964N

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ba1aa1455e1289e482be88edc0d7ab3c.bin
    .zip

    Password: infected

  • 72b972a5bf32ebaec48692474c0f0c2ec63236cb94b92fd18c73210a07268600.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

