General

  • Target

    triage.exe

  • Size

    37KB

  • MD5

    c9c211b4a379c2eeb89cbdfc7ba68df4

  • SHA1

    c9ab5d91354d53a34a693af91af4b765d2c8cb83

  • SHA256

    63fcbd965122c086c9ceee273cffb44b881ac1b785545a164c8bdbd6e8c4728b

  • SHA512

    84a2867005c6237d92c666ecd2e58d04a785236009262e420a5665751daf780ff83dd370b995c633c5a1d15af4dd04d948a4527eea524b635c2f273103a90185

  • SSDEEP

    768:apCGdNwd0oDLw4/kLh0nbn1tTr+mKLLFyG9fc3Ojh9D7:aptNvoJkwt3+7Fz9fc3Oj3

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

got-examines.gl.at.ply.gg:40701

Mutex

9S5oMTUQo6PG1kEx

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • triage.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

