General
-
Target
WindowsHealthProtect.exe
-
Size
157KB
-
MD5
867bd1a3adb00960ae067e0a78eb8169
-
SHA1
7ab2c2bbdd6dc7c8ae9fbbaad09a323e28865371
-
SHA256
324a08c32241c38030bd495b74411382b6694dcf74cf66caff1d15b6b2370c08
-
SHA512
5937cd0f869da3f00095319ca53f15bc924f512895676b33f9085a0ef21b5f7e5d33acafc7e47b4039f543980f73dc5a92bee19556b14588e524b9137e4c3c19
-
SSDEEP
3072:MCaHVqFw9CwOCVJ4NpVq8BxFRzaqF+o2GQJ7/JzqVfGvV:Hw9/gVqwlL
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
127.0.0.1:6004
is-eminem.gl.at.ply.gg:6004
88.168.211.65:6004
Mutex
bUdXY3BrQxasTJsJ
Attributes
-
Install_directory
%ProgramData%
-
install_file
WindowsHealthProtect.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
WindowsHealthProtect.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections