General
-
Target
a9f1d82a7954d86d746086969c0d7b7b5ca65ccfd0d6a375931a6826eca1a8c7.exe
-
Size
69KB
-
MD5
99088d7d8b409b4039b02295e64a686f
-
SHA1
f58dad3090854f8ab5cc3de89d6cdaeb151883d4
-
SHA256
a9f1d82a7954d86d746086969c0d7b7b5ca65ccfd0d6a375931a6826eca1a8c7
-
SHA512
a485b749f096a63bcc733b848317ceca918ee46516bcf17593c8358303a80aa0fb15c99b444fbeac02f79ac69c165e8a2fbb614265a56d99b5c098bd48d388b7
-
SSDEEP
1536:/Jyq1zgbszio2koAZnsuW8sLFbsnkRs6v6daV4IO8geup:/JT1zPziqoQsX8sLFbsH6R4IO8geup
Score
10/10
Malware Config
Extracted
Family
xworm
C2
main-although.gl.at.ply.gg:30970
Attributes
-
Install_directory
%AppData%
-
install_file
XClient.exe
-
telegram
https://api.telegram.org/bot7208700451:AAHHz5xWybJ91pH6F9vJRw8dcMEBlRiBXKs/sendMessage?chat_id=6131620354
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
a9f1d82a7954d86d746086969c0d7b7b5ca65ccfd0d6a375931a6826eca1a8c7.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections