General

  • Target

    a4c55d3f1d659502076b1cedeb30acc151d649189d6af65b85d6dcb7577a0dd5_NeikiAnalytics.exe

  • Size

    55KB

  • MD5

    fff28d1ebc99a8ad6fcaf2d6012138e0

  • SHA1

    43c5e0fc035ece10ffac0b894f306c52fdda0827

  • SHA256

    a4c55d3f1d659502076b1cedeb30acc151d649189d6af65b85d6dcb7577a0dd5

  • SHA512

    d419ba2c59ee90d97ffb272c66bceba83d218d92a2e27927edf72b976b37d6b9caa040f056a7ee089c8d1662109a4598f84803b7b85fe8af0a98c5721c1cb40b

  • SSDEEP

    768:rlLX6fPCcqrp8y41ZVgOjltLZ3pLF+t9cmWY6vOCh/bVL7sDS5PmxxxxxixXp:Z6f6pX6/vZ5Fw91X6vOCFVUDu3p

Score
10/10

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    being-nike.gl.at.ply.gg:16368

  • Mutex

    8nwU6rEq90pfmsCL

Attributes
  • Install_directory

    %AppData%

  • install_file

    Telegram.exe

  • telegram

    https://api.telegram.org/bot7473256956:AAHegSIA2nubATdaJfB5eTXvqg3i6AhswyM/sendMessage?chat_id=957616625

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • a4c55d3f1d659502076b1cedeb30acc151d649189d6af65b85d6dcb7577a0dd5_NeikiAnalytics.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

