General
-
Target
NezurBootStrapper.exe
-
Size
59KB
-
MD5
6f34954a7562858ef69c14f68afd9f14
-
SHA1
482a3ae892f241107e510fffa6001dfa7b941953
-
SHA256
9e5a2408aaf570ec2bb11638f7cf1e7299ca059ce2267d047428346543157540
-
SHA512
7ac07b80d1d06776efa4770764c680715c420dec9b6e25ec18b006c0ab46f55e033ad6c7c44dd03c3566da720fd5c21f34b613358acc65c5f551d5ac08566cae
-
SSDEEP
768:4vnC1PzVI2N5KC0mQpNWGwEVNoxau7gp39ykqVpZ5Z6kbpTuzsZWf3NOHEprTKPt:+I+7QyGLgDqDckbpTEsZ6r0cO7b
Score
10/10
Malware Config
Extracted
Family
xworm
C2
195.88.218.126:2404
Attributes
-
Install_directory
%AppData%
-
install_file
svchost.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
NezurBootStrapper.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections