General
-
Target
400000.RegSvcs.exe
-
Size
32KB
-
MD5
e468efe5126bb567ffff909bbd4f3b7c
-
SHA1
fe8664297ee659a503c3773f47db6814ca231cb7
-
SHA256
1e4b4acedbf740e9e613666c465c35262f8697911eea202b58de9b9bfc4fef0e
-
SHA512
8d0028adc406919dc30fc48f5e5471fd97c0e54a3a4406e1a243f71c2071b25df668e88454325f1953370274531a08bb30da15496211ec3732efdc2b72ca0974
-
SSDEEP
768:g6GQNLLzDVJW3Tw4OlzVFE9jnaOjhgb4:3GQNLLzDW3U4OnFE9jaOjmU
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
newstartagain.servequake.com:7001
newstartagain50.duckdns.org:7001
Mutex
EuJqn3TH86j1iOPa
Attributes
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
400000.RegSvcs.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections