General

  • Target

    DisconnectLoader.exe

  • Size

    299KB

  • MD5

    a1402e4eb98f1315e539ae57cf6553e2

  • SHA1

    5c01edfd70d19c0cf8939930dd5577476f0b76d2

  • SHA256

    1f03986d28f33070e9d13e9337f8a1f84b1e4c3cb02db0613b7f3ca4c0aa02b5

  • SHA512

    dade0482a6b0b26cf713bfa7623f84199bd33e1d087af826d6f25af1b9204902d7ca2a38bad66a42ea074ef8f54785590236ac797b65d88ff2b96765f2ebb4b7

  • SSDEEP

    3072:fufodFK9MKOj7H2QAsSdADRq6ty71wtYM77ldY7AXTp2kA3:frK9IHuwH77Ppj0kA

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

dane1c-58098.portmap.host:58098

Mutex

scIy1UkjzpZZKLfI

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • DisconnectLoader.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

