General

  • Target

    ExelaBuilt.exe

  • Size

    40KB

  • MD5

    1138cb2bc664aeb03e133ff6fb0a0dd9

  • SHA1

    13be1b1f4a4b722d4bff675d443350548fff2b65

  • SHA256

    ae05283b56d6ee3b1d218b454bd9be5aaa1ce7ea578908fbc2e370d3aed4f6b8

  • SHA512

    1437236c6644602eef69a3c30ddd7022b8708ed861ced69141b93bdcf8ead29eb66bd64e6886e92947b9227d553c0712e6e8d5353fb9bf90e5b8e245af0104bb

  • SSDEEP

    768:jzEGWcGjX5ANj0UfKTLvc1vTlFd9tDaOwh3LhxyR:j0T5UJec1vxFd9tDaOwZ3yR

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

alternative-pill.gl.at.ply.gg:40543

Mutex

XRr7LpPMdLnlUL1B

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    Updater.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ExelaBuilt.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

