General

  • Target

    908aef51a0d9e006975d8fc7d77bd808.bin

  • Size

    14KB

  • MD5

    bba972655b64af285f11dd05c6186ee3

  • SHA1

    f4e223efd032be1a85fb7da590c895886e76d547

  • SHA256

    2f710b8ee9146c46ff99a1dd647e740d25b66a0db2b2003802713174bb84cdfb

  • SHA512

    5d97c120c7dd29a7ba9e6e149842c7e1be7ddd5732455db851b0b25d01000f160626e0bbd0dc6982b4b347bd4291c4738193c60c40347897476d2b13f5a4798a

  • SSDEEP

    192:G0EctzUVYFIApGJFJdxIQUP7gJOjam28O+iliIjRdRRrYNylyq0GRx7az13p9:G0yVhAA9XUPkJR8OB1RrEuZ+z13f

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

daddy.linkpc.net:7000

Mutex

n1tAo1XAMkfhCZS4

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 908aef51a0d9e006975d8fc7d77bd808.bin
    .zip

    Password: infected

  • 0db294ba72c23d7eabc38b3998cfbd90b9eea1c22a4e7d8b8e9f5e1c479a369d.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

