General

  • Target

    4895e0609b8d30ad1da7b4289b8bb5f0N.exe

  • Size

    80KB

  • MD5

    4895e0609b8d30ad1da7b4289b8bb5f0

  • SHA1

    4802369bd6e156e732d217ab00c45a79f16cfd54

  • SHA256

    da90050b0cc6236c09a764da75a84c87f6eb459987c086e40d6bb62b32995335

  • SHA512

    9713e13790b54e03e89b45dded570389356e76b24a93b6438e772dc1e5343c97f8737c982e1122099aaf1a18a7aa574a4de5e9bf4cbdd74a63b9deca0eb4bb67

  • SSDEEP

    1536:kzT1EbA9yDDBMA/P8heNmbuinyfpuQO6Q9WrnhnOcRF81PePG:8kdTXibuzfpf7nhnOcf81PN

Score
10/10

Malware Config

Extracted

Family

xworm

C2

positive-you.gl.at.ply.gg:16734

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot7343225892:AAGJ-_TVGwSK_6PGyafbOWbFKwsijptXrto/sendMessage?chat_id=944774411

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4895e0609b8d30ad1da7b4289b8bb5f0N.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
