General
-
Target
SolaraBootstapper.rar
-
Size
18KB
-
MD5
c3ed47bf401085c02fc452218915f7b3
-
SHA1
c14f5a84a9a08c2869cacaa6c5a611a054a77026
-
SHA256
3632b347e260162fce966b6288ae460b4da58c4dfd3c99922a20eeab68037ee9
-
SHA512
2d4e26200527fe9e089b81026932ee84c901b8271006dc8aaa85f735417acae3651c6e1636ee7be90b4a481653ce6d7d0a0e92d0f0c6ec6321af3142bbd1ebfc
-
SSDEEP
384:eIZMkOB0wFHAgggXV3+vrdU3BGO7ggfixo4OsVrbbqkQC:zJ+FHLDVOv+xJfixMsVrKy
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
21.ip.gl.ply.gg:31125
Mutex
MvSCeBc3O60ZSJwy
Attributes
-
Install_directory
%AppData%
-
install_file
svchost.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
SolaraBootstapper.rar
Password: 123
-
SolaraBootstapper.exe
Password: 123
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections