General
-
Target
test.exe
-
Size
41KB
-
MD5
14ba5e24c48fdb89869f74ef6b39fb91
-
SHA1
ee472017864227ba1b16bd0becb71e213012b4af
-
SHA256
4ecf9e1e2dc279254aefa5a1e3befa0b7d46e9a255fc153aa36fc46329a881ee
-
SHA512
ead6a3c7156322b99c48f39ad808661c6c0758017c07ddb542c067f4b3746f90e5b8158b7e9bc68f85e534cc83b7da5c74496e546740cfa3d4ff0eecf6fa2dbc
-
SSDEEP
768:FV396FPL5Qskay6WJF5Pa9ORM6cOwhG33X7N:btojyfacFY9AM6cOwQH5
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
vshostupdater.duckdns.org:1177
http://vshostupdater.duckdns.org:1177
Mutex
wUXlZfe2ZEy8St4a
Attributes
-
Install_directory
%LocalAppData%
-
install_file
Steam_Service.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
test.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections