General
-
Target
worm.exe
-
Size
44KB
-
MD5
c5582c5a0f4569e3bddd255f62081f3d
-
SHA1
6714c1ccf695d9fbd4ef3c0a1b67fb63b5f96487
-
SHA256
a71c8484a2a3d8f3cb4ec808e63123d5b2bc3df32a9dad5ade2786700687c1af
-
SHA512
33aa4d2dcd3f89bf061e6e7aaff3dcd7d3c863707f0e3814ee17d94b0856531897d9494de7eb2bcc2d2f05934abeb7f29cc8fd9e00f3bd382cc57b3652abdc51
-
SSDEEP
768:+/rBwm5VCiTqFaD0hrOols+qLYMBA+F+t9pf72b16iOChvbVLSJ:+/uQVCiTqMD0hr/beBRFw9Zqb16iOC5g
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
192.168.1.106:7000
193.114.128.233:7000
Mutex
YJuSg89ZuiLRg1IM
Attributes
-
Install_directory
%AppData%
-
install_file
XClient.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
worm.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections