General

  • Target

    fixer.exe

  • Size

    74KB

  • MD5

    a0b4d5217994585ec987ff21cab1ab1f

  • SHA1

    67a9422d94c0dc63fe28c82b32f7829812b1d556

  • SHA256

    bd743feb77a8f4599c2e2b1bb2f3202e0455ae9178b2ee508d64267e707837f5

  • SHA512

    e62e7741d6c982fee664835b585e143ee848a7d4023c97e8038e54304f4ac63f00a387fa95c230f8e97d4d580089fd4de74cc19f6d9a3c1d89a118613a50474e

  • SSDEEP

    1536:gbfHzALCq/TeB+oZQYsFXP0zr+bjbgLk8rkqOpSFaZ:g5B/PsFXPSr+bjonjOpSFC

Score
10/10

Malware Config

Extracted

Family

xworm

C2

plans-label.gl.at.ply.gg:14233

Attributes
  • Install_directory

    %AppData%

  • install_file

    Runtime Broker.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • fixer.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

