General
-
Target
3a72ecec34a29f53a1d73677a0e6f4c2e19087a32f1808f8f4ff643f62128d8a.exe
-
Size
487KB
-
MD5
f451292bbe0b4c16d244c251105de16a
-
SHA1
a527d277ccc25ad97ae64fb76767f1e2cda66ff2
-
SHA256
3a72ecec34a29f53a1d73677a0e6f4c2e19087a32f1808f8f4ff643f62128d8a
-
SHA512
d53a9cd31a3a98eb88af0c5454007adf8c897db53b6518a9f0c019af0bdcb906bf9fbca616b5ee03d7adfa397a16af06bbfbbbf36d15b89fdf3b96fb79fd439a
-
SSDEEP
6144:MNDD+bHpEiGXQ4rnc+UI73whSk7MIhWI3tf5Jx/R7ZCe7w4uoVLdaPYZHuW31bZ+:MNncp0jUI73F0DhHbbzCMwI11b
Score
10/10
Malware Config
Extracted
Family
xworm
C2
schools-copper.gl.at.ply.gg:14154
Attributes
-
Install_directory
%Userprofile%
-
install_file
svchost.exe
-
telegram
https://api.telegram.org/bot6887301557:AAE2e7AcjyzPeaHQb_2XBthrT3TTCKt7jCs/sendMessage?chat_id=7045481276
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
3a72ecec34a29f53a1d73677a0e6f4c2e19087a32f1808f8f4ff643f62128d8a.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections