General
-
Target
32acbdf48472ba783782b6e201bdff5d.bin
-
Size
38KB
-
MD5
6cf5ab9d111bdbd5436a836015d82bee
-
SHA1
e21c298e75432dd53a3a850000d0f48a23e58a05
-
SHA256
a8f081e6e250dd083df3401114615254ac56a5f6ec5bf3b58a56a6cadba7e2c8
-
SHA512
97f9763f95fa3b116292283cdb85e64c04039b819d2efa701bd5e3e28801cf310c4b3be45166c96c10385aa1100fa48d32ebd5a14b6426953e04cfc3fdc6bac7
-
SSDEEP
768:ib/yGIzC/wUMY+TUDZ2XqsJND1QgUwFRT7vZug4CD297qKTrGFcp+0A8k:K/yGQC/06IDyghfvZ74CDg+jVR
Score
10/10
Malware Config
Extracted
Family
xworm
C2
22.ip.gl.ply.gg:18766
Attributes
-
Install_directory
%AppData%
-
install_file
comhost.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
32acbdf48472ba783782b6e201bdff5d.bin
Password: infected
-
529ff848c96ad5781e1fca999b5abdbcf40fc9696f3a1e4171418bb40ca34ff0.exe
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections