General

  • Target

    NursultanAlpha.rar

  • Size

    46KB

  • MD5

    cffb4f2950ab2e8d178619846aba3d3a

  • SHA1

    05914b67699c2363de5ef87e1c3f64e98c3e74b2

  • SHA256

    3fc6f29620ca3d2d3dcad02688d1280ab9ded7ec00187e2396fa8462e90d9a8e

  • SHA512

    4ba0b14d022ea8c3faeded5de744a120f86d972aa9a4eb46998e2a2062f78d31d4aeef603f4551225c3f7ee67935348c0d92ebbdb86bd20bc0249692d0755fff

  • SSDEEP

    768:PqLbyVhiIUpYioG0zdD8hxgZD8fGGjjVnRIVkDIZwJTpV2PxUyN3AJDSEWOlx3j:Xn+K1pNek4fGENRIVUIZwhpkPxp3AJse

Score
10/10

Malware Config

Extracted

Family

xworm

C2

letter-pairs.gl.at.ply.gg:56734

Attributes
  • Install_directory

    %Temp%

  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • NursultanAlpha.rar
    .rar
  • Java/About Java.lnk
    .lnk
  • Java/Check For Updates.lnk
    .lnk
  • Java/Configure Java.lnk
    .lnk
  • Java/Get Help.url
    .url
  • Java/Visit Java.com.url
    .url
  • MUST SEE.txt
  • Nursultan Client.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

