General
-
Target
jez3kcheaty.exe
-
Size
34KB
-
MD5
9136bd273d1775f91fdb7d74bdced16f
-
SHA1
87887fb55990987d4306bf3f5fd1dc15126f4d39
-
SHA256
379a3e62f67815cdb832dafeeb44f15f5cb10f3358db10f2e324379a28cbcf6d
-
SHA512
9fb535eae987a66357e542033bcf1dff607b6b12ed6aadcdfe20bef089262be62557b3b81ae7748057ed041ef06de517bb08fcce3fa0f18c7ecb0a11e7600e63
-
SSDEEP
384:5SyXlquOae6oKoBmoDnnGvBLmlkCwvHixdTD2VR8pkFTBLTIZwYGDcvw9IkuisXu:8yXiBDAtYkC4CaV9FZ9jaG0Ojh8/4b
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
lefferek-42016.portmap.host:61672
budget-compiled.gl.at.ply.gg:61672
Mutex
05Sqy1TNi42fBtLd
Attributes
-
Install_directory
%AppData%
-
install_file
DiscordClient.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
jez3kcheaty.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections