xworm | 505ce1818ada8dbd34cf295e5189e10d98c4896cf2d3db41300ef9cd651dc78d

General

Target

505ce1818ada8dbd34cf295e5189e10d98c4896cf2d3db41300ef9cd651dc78d
Size

42KB
MD5

451b5dd0efeb86d08fad09589fbf21b4
SHA1

fa65f415cbafd64b3db63c6b933ad4d05a450e5a
SHA256

505ce1818ada8dbd34cf295e5189e10d98c4896cf2d3db41300ef9cd651dc78d
SHA512

e7452ab61926c393c81b2bf153061622a53bb70430a692d4a7849166b28f342a2bd5cf1602720225f449c5217f8b56cab4356746c6b7229a23425edc5e02020e
SSDEEP

768:aAQvdFxJJaxI1/P4VG2cvMQvubmlGFRPh9wrSOChORBii3IE:uvL3YyVCy2pFb9wrSOC4TJR

Score

10^/10

xworm

Family

xworm

Version

3.1

C2

172.20.206.52:9999

Mutex

y2AGo0a7qP5kmOrz

Attributes

Install_directory
%ProgramData%
install_file
IDMActivation.exe
telegram
https://api.telegram.org/bot7338188080:AAFnCQNmo6MTeFsEQKBLB1OKHKQrfdOS5tk

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
505ce1818ada8dbd34cf295e5189e10d98c4896cf2d3db41300ef9cd651dc78d