General

  • Target

    Nursultan.rar

  • Size

    20KB

  • MD5

    f86bad64daddd564601b3a92f6d81fde

  • SHA1

    fffd47489489e78149cc6f6282badcd2a1c430f2

  • SHA256

    0dd5a114e7d389f01b0f1a056ea07113f6cb82c658792acb190116c351cf4a79

  • SHA512

    81424de6a35b6f332f97b7f31d7c677034bf18bb58ff11bbfe9b1029d26e8d145f49d9c88e7888b02c92db188059235bfb744daa40fe7e22fb296480aa52c255

  • SSDEEP

    384:msXZwnvLdLQ8GLPzC1FJH3/sWTkv9xu2eDBKLUoowMiINVWXj:fXZwvxs8MPz0JfQ9xN0B/orrIij

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

none-lender.gl.at.ply.gg:36612

Mutex

QL9J4s6NzbX41Soc

Attributes
  • Install_directory

    %AppData%

  • install_file

    svchost.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Nursultan.rar
    .rar

    Password: 123

  • CrackNursultan.exe
    .exe windows:4 windows x86 arch:x86

    Password: 123

    f34d5f2d4577ed6d9ceec516c1f5a744



  • Data/Podni.txt
  • Data/bin/win/DOYGH.txt