General
-
Target
Celestial.exe
-
Size
41KB
-
MD5
6b302095038a7f1075f2edecb3f5658b
-
SHA1
ea01f9388d8187f7844d650cd10a8e1b9ca484cd
-
SHA256
b2f6fb66fa13efb10a2e6e57202a9cb46a13cf5f86c2593e5ad8f04baac5ea92
-
SHA512
8f66ccef49ab1666493282df7d4793d0fff598b0e8cb1dc47a6c1cb29bdfe97125f9fcd55e592b23878a082a8b60a856c10ebb18f0c5df1c29adfa6a270dcce3
-
SSDEEP
768:VNreDweeLOoHdSgDdeblXvgggzLJF5PG9pmb6vOwh53Eizj:V4DweQldSgDIJXvvgpFI9Ab6vOwnFf
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
these-mine.gl.at.ply.gg:12055
Mutex
euxwSCS1NabyD8wN
Attributes
-
Install_directory
%ProgramData%
-
install_file
Portal2.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Celestial.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections