General

  • Target

    2b274de1ba95b66b41fd57ba95e10653.bin

  • Size

    40KB

  • MD5

    e5a1afed24308bb75ef975505739fdca

  • SHA1

    d5a768a2d5bcb9667516186b6b35e288f81b3c6c

  • SHA256

    df99db544458d454a1e58ba9a80f38d805da5df55e757bd3c6b6f2ecd3664acc

  • SHA512

    cb557edb30a55cf2db7c9098408994dd6d988b3f88da0f5018175cb3c7dec3555519195e65289b07592dcda82a405f34381f0a549b7596d04c464f1526ced7eb

  • SSDEEP

    768:O2C8IlhyZC1YgY3q3QNeaZtrisZjmFu77qFZLJ7vQXyd3ClT7BcK8in:BC8IeIY3+3G9w3FtJDfSBcTC

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:32901

engineering-thoroughly.gl.at.ply.gg:32901

Attributes
  • Install_directory

    %AppData%

  • install_file

    OxyInstaller.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
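The "Unsigned PE" signature above is a presence check on the PE's certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY). The script below, added here as an example and not part of the sandbox's own detection code, performs the same check by parsing the headers directly; the two minimal PE32 images it builds are constructed for the demonstration and are unrelated to the files in this report. It also reads the WIN_CERTIFICATE header when one is present, because a non-empty table only proves that something is attached, not that the signature verifies.

```python
"""Check a PE file for an Authenticode signature (IMAGE_DIRECTORY_ENTRY_SECURITY).

Added example, not part of the sandbox report. Parses headers by hand (no
pefile dependency). The sample PE bytes built below are constructed for the
demonstration and are not taken from the reported files.
"""
import struct

SECURITY_DIR_INDEX = 4                      # IMAGE_DIRECTORY_ENTRY_SECURITY
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(data: bytes):
    """Return (offset, size) of the certificate table, or None if the PE has none.

    For the security directory the first field is a raw file offset, not an RVA.
    Raises ValueError on anything that is not a plausible PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        n_rva_off, dir_off = 92, 96
    elif magic == PE32PLUS_MAGIC:
        n_rva_off, dir_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_rva = struct.unpack_from("<I", data, opt + n_rva_off)[0]
    if n_rva <= SECURITY_DIR_INDEX or size_opt < dir_off + 8 * (SECURITY_DIR_INDEX + 1):
        return None                          # directory table too short: nothing to sign with
    entry = opt + dir_off + 8 * SECURITY_DIR_INDEX
    off, size = struct.unpack_from("<II", data, entry)
    if off == 0 or size == 0:
        return None
    return off, size


def is_authenticode_signed(data: bytes) -> bool:
    """True if a well-formed, non-empty WIN_CERTIFICATE table is present.

    Presence is all this checks: it does not verify the PKCS#7 chain or that
    the certificate covers the image hash. Treat "unsigned" as a weak signal
    (plenty of legitimate tooling ships unsigned) and "signed" as unverified
    until a real verifier (signtool, osslsigncode, pefile + cryptography) runs.
    """
    entry = security_directory(data)
    if entry is None:
        return False
    off, size = entry
    if size < 8 or off + size > len(data):
        return False                         # truncated certificate table
    dw_length, w_revision, w_cert_type = struct.unpack_from("<IHH", data, off)
    # WIN_CERTIFICATE: wCertificateType 0x0002 = PKCS#7 SignedData
    return dw_length == size and w_cert_type == 0x0002


def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 image (headers only) for the demonstration."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size = 96 + 16 * 8                                         # PE32 fields + 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = [(0, 0)] * 16
    cert = b""
    if signed:
        cert_off = 0x40 + 4 + len(coff) + opt_size                 # table appended after headers
        cert = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"\0" * 16  # dummy 24-byte WIN_CERTIFICATE
        dirs[SECURITY_DIR_INDEX] = (cert_off, len(cert))
    image = dos + b"PE\0\0" + coff + opt + b"".join(struct.pack("<II", *d) for d in dirs)
    return image + cert


if __name__ == "__main__":
    for label, blob in (("unsigned", build_sample_pe(False)), ("signed", build_sample_pe(True))):
        verdict = "signed" if is_authenticode_signed(blob) else "no Authenticode signature"
        print(label, "->", verdict)
```

To run it against a real sample, pass `open(path, "rb").read()` to `is_authenticode_signed`; a `False` result reproduces the report's "Unsigned PE" hit, and a `True` result should be followed by an actual signature verification before it is treated as trustworthy.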

Files

  • 2b274de1ba95b66b41fd57ba95e10653.bin
    .zip

    Password: infected

  • 0e9ed9a55cd440844668e5937cd2afb5a48dd5a17a3530fc4f9868038e305723.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
