General

  • Target

    shtorm_sb.exe

  • Size

    238KB

  • MD5

    2faf13feda202796051c439b5abd8d48

  • SHA1

    5c2d1f4be4f7dcef2f5577a15ea3f31c59ddbe8b

  • SHA256

    cde6b414622136dd14a5a025f6d8fe2313c36a347086fceb168b5dff1a6c288b

  • SHA512

    dd46a3f553ff3bf0a39b8f4132d1053ac1758b2befb8a1b096455bd7812f2bcaf29fc9dcf00ef0bb972b4c27e47cc2b347f3fe4e58bab7708be1855fd7bdf2b9

  • SSDEEP

    1536:tDeWitn1NIohnWQoJ0GSbhdp2QfV9XBqn6MHxOwz3i+7BanqY5DW1T:VePbVnhuSbvppn8ROwzrirDcT

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:13244

close-material.gl.at.ply.gg:13244

Attributes
  • Install_directory

    %AppData%

  • install_file

    svсhost.exe

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • shtorm_sb.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

