General

  • Target

    7b20c6c1ae8a7fb30666a20540ed992a.bin

  • Size

    165KB

  • MD5

    b6da5c900d0a55baee36d3ba1d1c72e3

  • SHA1

    b28cc7db8ce362bdafd8b5c7a141f5b021a6b79a

  • SHA256

    d57a032d5be760d322088790f12ba491dc302387dba82143f7eaa26fe6d15b3c

  • SHA512

    77ca9e80cb828b4a755ca08b33661dbfd5ce157f598906068bee11dc2b3ef52c0e0eb385c9ccc9652a46885b95302087bcfa6864ceb1f6ed2258be04a88eca60

  • SSDEEP

    3072:fJC4c1dDUdUMk38mAruaooS+r2uA/yk7cZbqHb6p/kAYiUktGtXP8QK78rw4PHy0:xCPXDN8mAr1oo7r2pyk7c0b6p/kRytGr

Score
10/10

Malware Config

Extracted

Family

xworm

C2

156.225.129.202:7001

Attributes
  • Install_directory

    %AppData%

  • install_file

    crss.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 7b20c6c1ae8a7fb30666a20540ed992a.bin
    .zip

    Password: infected

  • 0a785a353308e02dfe2b5b3318d6a2a90d7a918dd200d70109fe3eedc3ce69d1.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

