General

  • Target

    4e1c125defbb2475f3c847abf5444bd716a45b429de38ab684fb55bec4af3de6

  • Size

    155KB

  • MD5

    5cc360d72a936c3533827c6606498678

  • SHA1

    4b82f9a4097b77b9f1930f8f79f7ddca2262a811

  • SHA256

    4e1c125defbb2475f3c847abf5444bd716a45b429de38ab684fb55bec4af3de6

  • SHA512

    c85037d1d403a2e32fdecb9486cca55d7639a8c3e108fc63eeeb0833499f361e96290b2a733641d980d51409344e4059c94f2a2ed63225726a0cc8c4755eb6fe

  • SSDEEP

    3072:p7Q5cX+GcDUHG5Ar6db9A6C1TO3rEDBsVlWN97u9bK6Sz0cAMSCboTiv:Ng9dbS6TyBe9G6DMz

Score
10/10

Malware Config

Extracted

Family

xworm

C2

https://pastebin.com/raw/ChxziS5b:112

Attributes

  • Install_directory

    %AppData%

  • install_file

    \Roaming\Microsoft\Internet Explorer\UserData\iexpl.exe

  • pastebin_url

    https://pastebin.com/raw/ChxziS5b

  • telegram

    https://api.telegram.org/bot6809718735:AAE4t3xfzBHvyjC4zipUDbw1pc62fwQYOgs/sendMessage?chat_id=6601299789

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 4e1c125defbb2475f3c847abf5444bd716a45b429de38ab684fb55bec4af3de6
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
