General
-
Target
887dc892255e963fc4d834ffd5d92079.bin
-
Size
35KB
-
MD5
ecfc1489541cf51891319938d96666ad
-
SHA1
86ad2c79536db53252bdc67f0b1a9d35ed22f991
-
SHA256
48903f77cdb75ce3b67fa3912e7d6e9a1536ea0b4a6903bb971c66ea0124c38c
-
SHA512
9fa063d4ef970f9e554260c4b779427b01e22288cf636558210494478bfc3abcc603d62266942ad26d0371d48def57b9c959a701ec3dcc9f61929a5c10948972
-
SSDEEP
768:gwtWMwC/KNSt3RNvomHaSHwKY2o02ebpsLn2AzpYtPfm6ITkT8:gwXKNSJBH5zY2o0RbpsLxaPu6GkI
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
tr3.localto.net:6475
Mutex
GcZrYKQ4KFqNRE2E
Attributes
-
Install_directory
%Temp%
-
install_file
XClient.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
887dc892255e963fc4d834ffd5d92079.bin
Password: infected
-
d483c827b461c93286dc9195dfbd8007a3c6fb19f8ecfa97b60410390aa2bf63.exe
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections