General
-
Target
2b4497ccddba9c228970c3a826674c70N.exe
-
Size
41KB
-
MD5
2b4497ccddba9c228970c3a826674c70
-
SHA1
4b4119dab6fefb08063882a0809327adc701fd48
-
SHA256
65d244e4e0310d59ca1cced893e75e50a8d438c10cfc3ae81379e11a444eb021
-
SHA512
155dd287846b35e064a918d7e11aaca57f5230399c22c92630ece350f9f0157262f7521ac6f65b1a9b9525f2609a7c7daef31b51d46e950f19e69fa3e5a9c01e
-
SSDEEP
768:B4Nuq+Ok9gZ0yxQC1F5kmxN7JF5Pt9OAH68OMh23/1S:B4Q5OSgZ0Er1/TjVFD9hH68OM80
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
apple-return.gl.at.ply.gg:11289
Mutex
ODCgsBfGfV8KUbFy
Attributes
-
Install_directory
%AppData%
-
install_file
svchost.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2b4497ccddba9c228970c3a826674c70N.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections