General
-
Target
8ffd23b830310aff1b36650451de718fdbdaeb2741867efb27d28e702821a28e.exe
-
Size
89KB
-
MD5
cf4e5365f4010e1e1c3da8e502171840
-
SHA1
8bf8fe9a7cd413fc46e8ea218499571abc7750c7
-
SHA256
8ffd23b830310aff1b36650451de718fdbdaeb2741867efb27d28e702821a28e
-
SHA512
f19d0945a214994c49be202eb9533db6edfa592d4cb02535ac50fc2850be0eda2ab506eab18fa20280f803a4fbf4180a3b2dd6eecfb4d5b7388a46b9076f2b7b
-
SSDEEP
1536:r17xNrfZasEHmXeXvsdceQ8LGXSbt7/+hmuk8lz6JxF2q0Oh64Lo6Sj1xdSYi:rV/ZPdXe/sd7LsSbt7/GWiq0Ohbonj1m
Score
10/10
Malware Config
Extracted
Family
xworm
C2
office-franklin.gl.at.ply.gg:24536:33829
Attributes
-
Install_directory
%AppData%
-
install_file
XClient.exe
-
telegram
https://api.telegram.org/bot6334490377:AAH-lXvBkXB8m1zAjFxTRAd4ZbTYva3fvLY/sendMessage?chat_id=5519921687
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
8ffd23b830310aff1b36650451de718fdbdaeb2741867efb27d28e702821a28e.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections