General

  • Target

    WizClient.exe

  • Size

    74KB

  • MD5

    69cad671f60367927329bbd20f91bed7

  • SHA1

    9aa6c82982591ebc0c64cc94d2efaac7378bde86

  • SHA256

    dc94e48f4fd4cdf8049e6ac2ea9b65df93936015c50e26d0c8d6b2217e7d539b

  • SHA512

    bb4a49b2eada56d9d9c0fd7b7464447460e7bb84c6416f632295197562e65a456d33099799d3083684c45150ad362d036ee0eb843745272d5accab5ff9a525f4

  • SSDEEP

    1536:ObGA+5D6BRZ2Ka+QRPPN7cmKuZbN5NTEkIG6QOj89RnXqDnnl:ObGpsBRZ4d9bZbN3EAOA9RnXqLl

Score
10/10

Malware Config

Extracted

Family

xworm

C2

141.98.252.138.224:5552

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • WizClient.exe
    .exe windows:4 windows x86 arch:x86

    Password: dfdfdf

    f34d5f2d4577ed6d9ceec516c1f5a744

