General

  • Target

    WizClient.exe

  • Size

    69KB

  • MD5

    eb1a4c2f1ebe478a758e89f70aafe73e

  • SHA1

    68173e22badb23346e245c2f0ed0120436928260

  • SHA256

    0eac0871ab02a7a72d6ff047d0580033307061178b9915691fbe3c4798837a44

  • SHA512

    e50c36364f391507e74cac1293068aced9cbf456a4ff16fb44f69e33466a14076d2e5b37ed1b9a98f0868951362a71c21daf2ea1b1be9fc2b3df2a792af484ae

  • SSDEEP

    1536:140Q0FlvWHBjsYzpblUoB4AmzG6zgryqOSv:149sC6YzpbWoLtOSv

Score
10/10

Malware Config

Extracted

Family

xworm

C2

wednesday-knight.gl.at.ply.gg:48312

0xF488F3FA5541d79f0b1945ccA834cD6d939dD864:1

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • WizClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

