General
-
Target
376dbd9053eda767a78ba64902d613a6.exe
-
Size
910KB
-
MD5
376dbd9053eda767a78ba64902d613a6
-
SHA1
0e1c2932e1ffa95e08b26701d3712fa73215b7a7
-
SHA256
dc6f6cfe00f36f062e9c239ce735ce74adac8a99924855d9be14122ab950f624
-
SHA512
9f26eaf5d115ee85b619f5a5c4216e5e946e36173c6e76d147dfcd3ffa08cb19e3506383c176ca44c5b218862b09e3f1e4b88af8da831878fdd7e462fecff09c
-
SSDEEP
24576:rjdls6XgBl0S+K7VQy6yXiJC0ABKPamoLi+t9RQAPxEhl3q8gBl0S+K7VQy6yXik:fU6XgBl0S+K7VQy6yXiJC0ABKXii+t9h
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
meterpreter.ddnsgratis.com.br:4443
Mutex
hBFuAxRY13vkdtFY
Attributes
-
Install_directory
%AppData%
-
install_file
svchosts.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
376dbd9053eda767a78ba64902d613a6.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections