General

  • Target

    14bc4d2a29d8a973d2f03ec580788a525964acec8319a4ea80ed4e607256a790

  • Size

    170KB

  • MD5

    5b47f4a83ee7284db1e5ba379d43c7d9

  • SHA1

    cfc90228eaea4759e847a3d27ac17a64974619af

  • SHA256

    14bc4d2a29d8a973d2f03ec580788a525964acec8319a4ea80ed4e607256a790

  • SHA512

    f94f831f1fda9258533eb8c3b6c881361150ff00497e2705273e445280f8f594ca05dc83fec284a32de4183909930278c45c54f9766150876ef261e2d652bf54

  • SSDEEP

    3072:sNHpNAEkbneytOVAg4NpVq8BxFRzaqF+o2GQJ7/JzqVfGvp:sNHrA3beykgVqwlL

Score
10/10

Malware Config

Extracted

Family

xworm

C2

103.54.153.49:7000

Attributes
  • Install_directory

    %AppData%

  • install_file

    sivhost.exe

  • telegram

    https://api.telegram.org/bot7494107796:AAGU4TndpnvV7Y2NzCfrhWpTyz8bY2er9YY/sendMessage?chat_id=1948282795
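The extracted config above is the useful part of this report for a defender: a hard-coded C2 socket, an install path under the roaming profile, and a Telegram Bot API URL used as an exfiltration/notification channel. The block below is an added example, not the sandbox's extractor or anything from the sample: it parses those exact values into hunting IOCs (a Telegram bot token has the form `<bot_id>:<secret>`, so the numeric prefix identifies the bot even if the secret is rotated) and runs them over a few constructed proxy/firewall log lines. The log field names (`src`, `dst`, `dport`, `url`) and the sample lines are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Values copied from the "Extracted" config above; the parsing and matching logic
# is an added example, not the sandbox's own code.
CONFIG = {
    "C2": "103.54.153.49:7000",
    "Install_directory": "%AppData%",
    "install_file": "sivhost.exe",
    "telegram": "https://api.telegram.org/bot7494107796:"
                "AAGU4TndpnvV7Y2NzCfrhWpTyz8bY2er9YY/sendMessage?chat_id=1948282795",
}

# Bot API path: /bot<bot_id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$"
)


def parse_telegram(url):
    """Split a Telegram Bot API URL into bot id, token, method and chat_id.
    Returns None for anything that is not an api.telegram.org bot call."""
    u = urlsplit(url)
    m = TELEGRAM_BOT_RE.match(u.path)
    if u.hostname != "api.telegram.org" or not m:
        return None
    qs = parse_qs(u.query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": qs.get("chat_id", [None])[0],
    }


def iocs_from_config(cfg):
    """Normalise the extracted config into a flat IOC dict."""
    host, port = cfg["C2"].rsplit(":", 1)
    ipaddress.ip_address(host)  # raises ValueError if the C2 is not a literal IP
    tg = parse_telegram(cfg["telegram"])
    if tg is None:
        raise ValueError("telegram field is not a Bot API URL")
    return {
        "c2_ip": host,
        "c2_port": int(port),
        # %AppData% resolves to the user's roaming profile (AppData\Roaming) on Windows
        "install_path": cfg["Install_directory"] + "\\" + cfg["install_file"],
        "telegram_bot_id": tg["bot_id"],
        "telegram_chat_id": tg["chat_id"],
    }


# Constructed log lines for the example (TEST-NET addresses, not real infrastructure
# except the C2 IP taken from the config above).
SAMPLE_LOG = """\
2024-09-01T10:00:01Z src=10.0.0.5 dst=103.54.153.49 dport=7000 proto=tcp action=allow
2024-09-01T10:00:02Z src=10.0.0.5 dst=203.0.113.10 dport=443 proto=tcp url=https://api.telegram.org/bot7494107796:AAGU4TndpnvV7Y2NzCfrhWpTyz8bY2er9YY/sendMessage?chat_id=1948282795
2024-09-01T10:00:03Z src=10.0.0.7 dst=203.0.113.20 dport=443 proto=tcp url=https://www.example.com/
2024-09-01T10:00:04Z src=10.0.0.9 dst=103.54.153.49 dport=443 proto=tcp action=allow
"""


def scan_log(text, ioc):
    """Return (line_number, reason) for every line that touches the IOCs.
    A hit on the C2 IP with a different port is reported separately, since the
    operator may rotate ports on the same host."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if fields.get("dst") == ioc["c2_ip"]:
            exact = fields.get("dport") == str(ioc["c2_port"])
            hits.append((n, "xworm-c2" if exact else "c2-ip-other-port"))
            continue
        tg = parse_telegram(fields["url"]) if "url" in fields else None
        if tg and tg["bot_id"] == ioc["telegram_bot_id"]:
            hits.append((n, "telegram-exfil-bot"))
    return hits


if __name__ == "__main__":
    iocs = iocs_from_config(CONFIG)
    for line_no, reason in scan_log(SAMPLE_LOG, iocs):
        print(f"line {line_no}: {reason}")
```

Matching on the bot id rather than the full token is deliberate: the secret half is what the operator can rotate, while api.telegram.org traffic carrying that bot id from an endpoint that should not be running a Telegram bot is the durable signal. Blocking api.telegram.org outright is rarely an option, so the URL-level match is the practical control.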

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
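The "Unsigned PE" signature corresponds to an empty Attribute Certificate Table (data directory entry 4, IMAGE_DIRECTORY_ENTRY_SECURITY) in the PE optional header. The block below is an added example of that check in pure Python, not the sandbox's own rule: it walks the DOS and PE headers to that directory entry and, when one is present, sanity-checks the WIN_CERTIFICATE header it points at. It builds its own minimal PE32 images inline (constructed, not this sample), one without a certificate table and one with a placeholder table. Note the caveat: a present table only means a signature blob exists; whether it verifies and chains to a trusted root is a separate check that needs the PKCS#7 contents and is not shown here.

```python
import struct

SECURITY_DIR_INDEX = 4               # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def security_directory(data: bytes):
    """Return (file_offset, size) of the certificate table, or None if absent.
    Unlike other directories, this entry holds a raw file offset, not an RVA."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at 92, directories at 96
        n_rva_off, dirs_off = 92, 96
    elif magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at 108, directories at 112
        n_rva_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", data, opt + n_rva_off)[0]
    # The table may legitimately be truncated before entry 4; treat that as absent.
    if n_dirs <= SECURITY_DIR_INDEX or size_opt < dirs_off + 8 * (SECURITY_DIR_INDEX + 1):
        return None
    entry = opt + dirs_off + 8 * SECURITY_DIR_INDEX
    off, size = struct.unpack_from("<II", data, entry)
    if off == 0 and size == 0:
        return None
    return off, size


def authenticode_status(data: bytes) -> str:
    """'unsigned' (no table), 'signed-blob-present' (well-formed WIN_CERTIFICATE
    header of type PKCS_SIGNED_DATA) or 'malformed' (table points outside the file
    or its header does not match the directory size)."""
    sd = security_directory(data)
    if sd is None:
        return "unsigned"
    off, size = sd
    if size < 8 or off + size > len(data):
        return "malformed"
    length, _revision, cert_type = struct.unpack_from("<IHH", data, off)
    if length != size or cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        return "malformed"
    return "signed-blob-present"


def build_minimal_pe32(signed: bool) -> bytes:
    """Construct a header-only PE32 image for the example (not a runnable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    # Machine=i386, 0 sections, SizeOfOptionalHeader=224, Characteristics=EXE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    body = dos + b"PE\0\0" + coff + opt
    if signed:
        # Placeholder WIN_CERTIFICATE: dwLength, wRevision=0x0200, wCertificateType,
        # followed by 8 zero bytes standing in for the PKCS#7 blob (constructed).
        blob = b"\x00" * 8
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        entry = 0x40 + 4 + 20 + 96 + 8 * SECURITY_DIR_INDEX
        struct.pack_into("<II", body, entry, len(body), len(cert))
        body += cert
    return bytes(body)


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, authenticode_status(build_minimal_pe32(signed=flag)))
```

To apply it to a real file, read the bytes and call `authenticode_status`; for triage at scale the same walk is what tools such as pefile expose, but doing it by hand makes the offsets of the check explicit.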

Files

  • 14bc4d2a29d8a973d2f03ec580788a525964acec8319a4ea80ed4e607256a790
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744