General

  • Target

    smss.exe

  • Size

    64KB

  • MD5

    93b46dc99bdafd738fdec90ec3a7b65c

  • SHA1

    b6dfb90ec8f04aa026c35d4b368819d6b5649dc1

  • SHA256

    f5cdf3d175cffdbbae859c3a1fd70051e6b14935a23eee0a12c1ca67ec065f45

  • SHA512

    90b11817427967a7905ccaf328da01a91cf0165b58732ebc604f0c18bfe2c83289a16ec72f08c525cffca8b8986bcb6f763fd9b7c87195c057c79aa5d4e09af3

  • SSDEEP

    1536:rA8t341Hy3emotRGJY+JCpM+pAcfVibmIytB9p1zrgbbLb2/ROWiTJ:lt34Y3erqkpzi5bmr1Xgbb/iROWiTJ

Score
10/10

Malware Config

Extracted

Family

xworm

C2

engine-regression.gl.at.ply.gg:34245

Attributes
  • Install_directory

    %AppData%

  • install_file

    smss.exe

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • smss.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

