General

  • Target

    e5f8cfe6e345649c62e0841baf930dc2f9274205e0eb7bd8d90c9099967fc7b9

  • Size

    68KB

  • MD5

    8fe37834502c9cad2a3f4bc4676e16c2

  • SHA1

    b094f4930779e4736faef853eeea262dc8708884

  • SHA256

    e5f8cfe6e345649c62e0841baf930dc2f9274205e0eb7bd8d90c9099967fc7b9

  • SHA512

    1c2ad55d9f75e4ddf3a3fd50f53b49b01e2d8a05333fca8c08444fda8a97d8f3245c1373703ab2eb3ec1267e41cb79dc0df66049c36ae255ab97cccbd690c449

  • SSDEEP

    1536:MATJ3GFPtJ+fEnKZy4bkd3Th64OP/KKoKiR:MATJ3GFfcHbkZOP/KKcR

Score
10/10

Malware Config

Extracted

  • Family

    xworm

  • C2

    africa-panels.gl.at.ply.gg:36327

Attributes

  • Install_directory

    %AppData%

  • install_file

    svchost.exe

  • telegram

    https://api.telegram.org/bot7097357076:AAFNLSm-3pej5b-uWHuJ42vA2ifmYBH-Apk/sendMessage?chat_id=6237826260
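The extracted configuration above is the part of this report a responder turns into detection content: the C2 hostname and port, the Telegram bot endpoint used for exfiltration, and the persistence artifact, a copy of svchost.exe dropped under %AppData% (the genuine svchost.exe runs only from the Windows system directories). The script below is an added example, not part of the sandbox report, that matches those indicators against log lines; the Sysmon-style process, DNS and network records and the proxy lines in SAMPLE_LOGS are constructed for the example, not taken from the sandbox run. Two caveats apply when using these indicators: hostnames under at.ply.gg are playit.gg tunnel endpoints, so the domain identifies the tunnel service rather than operator-owned infrastructure and may be reused by unrelated samples, and the Telegram token's secret part can be revoked and reissued while the numeric bot id in front of the colon stays the same, which makes the bot id and chat_id the more durable half of that indicator.

```python
import re

# Indicators copied from the extracted XWorm configuration in this report.
SAMPLE_SHA256 = "e5f8cfe6e345649c62e0841baf930dc2f9274205e0eb7bd8d90c9099967fc7b9"
C2_HOST = "africa-panels.gl.at.ply.gg"
C2_PORT = 36327
TELEGRAM_BOT_ID = "7097357076"   # numeric part of the bot token in the config
TELEGRAM_CHAT_ID = "6237826260"

# install_file is svchost.exe dropped under %AppData%. The real svchost.exe only
# runs from the Windows system directories, so any other location is the
# persistence artifact rather than the service host.
LEGIT_SVCHOST_PATHS = (r"c:\windows\system32\svchost.exe",
                       r"c:\windows\syswow64\svchost.exe")
SVCHOST_PATH_RE = re.compile(r"(?:%appdata%|[a-z]:)[^\"'\s]*?\\svchost\.exe",
                             re.IGNORECASE)
TELEGRAM_RE = re.compile(r"api\.telegram\.org/bot(\d+)", re.IGNORECASE)


def match_line(line: str) -> list[str]:
    """Return the names of every report indicator found in one log line."""
    hits = []
    low = line.lower()

    if SAMPLE_SHA256 in low:                      # hash fields may be upper case
        hits.append("sample_sha256")

    if C2_HOST in low:
        hits.append("c2_host")
        if re.search(rf"\b{C2_PORT}\b", low):     # port logged as host:port or a field
            hits.append("c2_port")

    m = TELEGRAM_RE.search(low)
    if m:
        hits.append("telegram_bot_api")
        if m.group(1) == TELEGRAM_BOT_ID:
            hits.append("telegram_bot_id")
    if f"chat_id={TELEGRAM_CHAT_ID}" in low:
        hits.append("telegram_chat_id")

    for m in SVCHOST_PATH_RE.finditer(line):
        if m.group(0).lower() not in LEGIT_SVCHOST_PATHS:
            hits.append("svchost_outside_system32")
            break
    return hits


def scan(lines):
    """Scan an iterable of log lines; return [(line_number, [indicators])] for hits only."""
    return [(i, h) for i, line in enumerate(lines, 1) if (h := match_line(line))]


# Constructed sample log lines (Sysmon-style process, DNS and network events plus
# a proxy log), written for this example and not taken from the sandbox run.
SAMPLE_LOGS = [
    r'EID1 Image="C:\Users\alice\AppData\Roaming\svchost.exe" ParentImage="C:\Users\alice\Downloads\invoice.exe" Hashes=SHA256=E5F8CFE6E345649C62E0841BAF930DC2F9274205E0EB7BD8D90C9099967FC7B9',
    r'EID1 Image="C:\Windows\System32\svchost.exe" CommandLine="svchost.exe -k netsvcs"',
    r'EID22 QueryName=africa-panels.gl.at.ply.gg Image="C:\Users\alice\AppData\Roaming\svchost.exe"',
    r'EID3 DestinationHostname=africa-panels.gl.at.ply.gg DestinationPort=36327 Protocol=tcp',
    r'proxy GET https://api.telegram.org/bot7097357076:AAFNLSm-3pej5b-uWHuJ42vA2ifmYBH-Apk/sendMessage?chat_id=6237826260',
    r'proxy GET https://example.com/index.html',
]

if __name__ == "__main__":
    for line_no, indicators in scan(SAMPLE_LOGS):
        print(line_no, indicators)
```

Line 2 produces no hit even though it names svchost.exe, because the path is one of the legitimate system locations; line 1 hits on both the file hash and the out-of-place svchost.exe, which is the combination to alert on when the hash alone has been changed by a repacked build.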

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
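The "Unsigned PE" signature above fires when the executable carries no embedded Authenticode signature. Structurally that means the Certificate Table entry (index 4, IMAGE_DIRECTORY_ENTRY_SECURITY) of the optional header's data directory is empty; unlike the other entries it holds a raw file offset to a WIN_CERTIFICATE blob rather than an RVA. The code below is an added example, not the sandbox's own detector, that performs this check with nothing but struct; build_pe32 is a constructed minimal PE32 header used only as offline test input. Absence of a signature is a weak signal on its own, since much legitimate software ships unsigned, and presence says nothing until the signature is validated with a real verifier such as signtool verify or Get-AuthenticodeSignature.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Certificate Table index in the data directory


def authenticode_table(pe: bytes) -> tuple[int, int]:
    """Return (file_offset, size) of the PE Certificate Table, or (0, 0) when the
    image carries no embedded Authenticode signature. Raises ValueError for
    bytes that are not a PE image."""
    try:
        if pe[:2] != b"MZ":
            raise ValueError("missing MZ header")
        e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        coff = e_lfanew + 4                          # IMAGE_FILE_HEADER, 20 bytes
        size_of_optional, = struct.unpack_from("<H", pe, coff + 16)
        opt = coff + 20                              # IMAGE_OPTIONAL_HEADER
        magic, = struct.unpack_from("<H", pe, opt)
        if magic == 0x10B:                           # PE32
            nrva_off, dd_off = 92, 96
        elif magic == 0x20B:                         # PE32+
            nrva_off, dd_off = 108, 112
        else:
            raise ValueError("unknown optional header magic 0x%x" % magic)
        n_dirs, = struct.unpack_from("<I", pe, opt + nrva_off)
        entry = dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > size_of_optional:
            return (0, 0)                            # directory too short for a certificate entry
        offset, size = struct.unpack_from("<II", pe, opt + entry)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    # The security entry is a raw file offset, not an RVA; a genuine table must
    # also lie inside the file.
    if offset == 0 or size == 0 or offset + size > len(pe):
        return (0, 0)
    return (offset, size)


def is_unsigned(pe: bytes) -> bool:
    """The 'Unsigned PE' check: True when no Certificate Table is present.
    This only detects absence; a present table still has to be verified
    before it says anything about who built the file."""
    return authenticode_table(pe) == (0, 0)


def build_pe32(cert: bytes = b"") -> bytes:
    """Constructed minimal PE32 header (no sections), used here as offline test
    input; when cert is given it is appended and referenced from the
    Certificate Table exactly as a signed binary would reference it."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                            # standard PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)            # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    header_len = len(dos) + 4 + len(coff) + len(opt)
    if cert:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "unsigned" if is_unsigned(fh.read()) else "has certificate table")
```

Run it against a real file with `python check_unsigned.py sample.exe` (any file name works; the module name is an assumption). A table that is present should then be handed to a proper verifier, since an attacker can also copy a valid-looking certificate blob from another binary and the hash check inside it will simply fail.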

Files

  • e5f8cfe6e345649c62e0841baf930dc2f9274205e0eb7bd8d90c9099967fc7b9
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
