General

  • Target

    5ad0a139daa10def6783d34a578882eb.bin

  • Size

    32KB

  • MD5

    18e680b9345a62bb61822fc790256a25

  • SHA1

    b25f94f9ec946abd4c2958f39162c36adcdb38f2

  • SHA256

    cfb3a4e43fd935a2a9460d7476c7119b8037dc64572f5d31855d6a78da3a7036

  • SHA512

    9b2fe743b3c70bebbd2be74088a73dfe6ad4bdf7b2bbbfc8c99ee38dccd69250a66c5642c3bd9295b36bd709d6470451b68639ca7d5401d976a9ba913e826993

  • SSDEEP

    768:bQU5Gd9irzQw7IWFmpCKMh6YRPmWl00DntIHtIgPOKVa:bP5s0z7PYCK+FmWl0QkzdY

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

sekoneko.zapto.org:1111

Mutex

epkUNO9aHruE9KEn

Attributes
  • Install_directory

    %AppData%

  • install_file

    win64.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5ad0a139daa10def6783d34a578882eb.bin
    .zip

    Password: infected

  • a788a5b401661ff1c3eedd21d679ccaf39a35cb1a5a814773b1e4ded48de890c.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

