Overview

overview

10

Static

static

10

Ro-exec/loader.exe

windows10-2004-x64

10

Resubmissions

16/07/2024, 07:11

240716-h1eaxstbmh 10

16/07/2024, 07:05

240716-hwsyhszfjl 10

16/07/2024, 07:01

240716-htde2szejm 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    krampus.rar

  • Size

    66KB

  • MD5

    ba74fc6a6e3dac97bbc706a8e393e9d1

  • SHA1

    91539f9825d74097460a284991c14ae5973fcfed

  • SHA256

    52800e6981347749a39aa5a1e74e87dd91fa40b2ec4eb16eb1abbafa4a1d976a

  • SHA512

    07c5117f7c34a8bbade060c60f584105187817f8e1cfaacad4c20f5318332842e61fcb1c33476aa0e7af4dcad97618390287d62664c89be5c15f42b5593b7119

  • SSDEEP

    1536:lQUqgFIsoYAqRQ36tvaOapJmA+mMA9iCEoQ3EPuUO:lQgF/oYdxZaOapXd9Bfu3

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

wd6jhrWNYWQZnbJt

Attributes
  • Install_directory

    %AppData%

  • install_file

    svchost.exe

  • pastebin_url

    https://pastebin.com/raw/tAs3dppD

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • krampus.rar
    .rar
  • Ro-exec/READ ME (ro-exec).txt
  • Ro-exec/ezdebug.png
    .png
  • Ro-exec/loader.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections