General

  • Target: 9994b9e197b422529221de7238dc0e44ae21e66d78c48355f31837c3696ec90e.zip
  • Size: 45.2MB
  • MD5: 7994512f16f04d3f8453986c6834b823
  • SHA1: 2d55c18d5d38068e6bb08168ab888ced6cecf4f2
  • SHA256: 9994b9e197b422529221de7238dc0e44ae21e66d78c48355f31837c3696ec90e
  • SHA512: bf5e74311f55a9329d618d53f729271e323fd53ce6896f3a5926ec2b5e99c0e4fee59febbb3ae2c0fd7e25bcb06cf8258e0fa5f78154f4a592e88c02c1c976b0
  • SSDEEP: 786432:NmChb+7oxxT+J5yefAa198IHZYEFxfXXska4DtK/ayR8A8gnrjGUNfhAMtVHc4Bn:NmCJ+7ox1G5yeoI9/5nFNrx4CUdVnnG8

Score
10/10

Malware Config

Extracted

  • Family: xworm
  • C2: 185.117.250.169:7000, 66.175.239.149:7000, 185.117.249.43:7000

Attributes

  • Install_directory: %AppData%
  • install_file: WmiPrvSE.exe

Signatures

  • Chaos Ransomware (1 IoC)
  • Chaos family
  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • AutoIT Executable (8 IoCs): AutoIT scripts compiled to PE executables.
  • Unsigned PE (27 IoCs): checks for missing Authenticode signature.

Files

  • 9994b9e197b422529221de7238dc0e44ae21e66d78c48355f31837c3696ec90e.zip
    .zip

    Password: infected

  • 10b20d5ab63333029b484bf4fc528e6cd4dc755c99c31c24054d63f9e3447c1c.bat
    .bat .vbs
  • 13b53797e8ae8969a0fe2fa57463fae3727af51fe094904b0bd5c4ba22bfd262.exe
    .exe windows:4 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • 15d55e886566f3da849370afa83b54cf3be37b95be32bfab0ef36ae56663c6ec.exe
    .exe windows:5 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • 1b5f4adeca66e96ef076cfe25b53be7b9a3bb5a0cb50e69001e8985abe8f580d.exe
    .exe windows:5 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • 3dc30eca9e2605ee856852687b05a74a8b9463de51a223b8344098ba7b402804.exe
    .exe windows:5 windows x86 arch:x86

    c4540f421523fe2dc591e50be5ad7d0b

  • 56cd7a444e3f0c16d2b245d5e23f475bc69645bba2aa3d6c9bd22d34dddeb540.exe
    .exe windows:5 windows x86 arch:x86

    c4540f421523fe2dc591e50be5ad7d0b

  • 5ee74cad243bc459b9068894fa0fc05d40cc8466322315f0132c8275a78112f9.exe
    .exe windows:4 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • 5ff273f03e88a8b0a1f58c85dfa28fee6f44766eb09d53c421eb770d6b965e43.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • 60b98a0907f9721cf28ccd684b565f7f77a90565e9a2bd47f75c419472c25a1c.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • 6a910528454646f73cbab1b93c854a0322111c61063711e49257ff9f6317d13f.exe
    .exe windows:6 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • 6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
    .exe windows:5 windows x86 arch:x86

    c4540f421523fe2dc591e50be5ad7d0b

  • 807ebe758087a724108a1ab37dc3c954e2cd8aff85c36a8b849f2fc62929e538.exe
    .exe windows:6 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • 86abfdc3601520afa34d06dec50f9f71716cc6fde9fb3f47523454115cc894b3.exe
    .exe windows:6 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • 89463c1b87a5f32ab2ba59d536134516fa593c29bc0a6eda9e3da390d7f05ea6.exe
    .exe windows:5 windows x86 arch:x86

    75e9596d74d063246ba6f3ac7c5369a0

  • 9bdc43df16cff6db219f2d3dd4a1e4b650262e73f98d2264926b90664942c187.ps1
  • 9d11b8db730658666dad535182ea248063dd23966344d458250219652dc392e1.exe
    .exe windows:6 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • a4af94bf201e48a2a1242d2aea128aff328fbeb5ebd13faebdec74de3717bce3.exe
    .exe windows:5 windows x86 arch:x86

    c4540f421523fe2dc591e50be5ad7d0b

  • a978da26e3782765bee3d190ce3462b793d3efd4530534137eb5611abe39043f.exe
    .exe windows:4 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • ab32de059612580f0eb53b279671fc0210762c2e0632a8868b8e2b8a908e22ee.exe
    .exe windows:5 windows x86 arch:x86

    c4540f421523fe2dc591e50be5ad7d0b

  • abb44519712f906ab7e337c9fab26534d3261c999dd7837ac56b1e61c56bfc84.exe
    .exe windows:6 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • b499bf51c07c785b31e3cd754b988e7a236a511968f08799c3ddeec0c056b34a.hta
    .html .vbs polyglot
  • b5fa8aa1395fd7cc8023279bb7ef6ac1cbe8913d9fc69beab1152a38969fa469.cmd
    .cmd .ps1
  • b67516928b87f8b6d79ead65bbb8edcd969f0ff317402dc1985972e563661139.exe
    .exe windows:6 windows x64 arch:x64

    a06f302f71edd380da3d5bf4a6d94ebd

    Code Sign

  • bc9af86a3eb33dcf9a4fb7ad7b0969f447ad0f0b563e06546c2d24230448938f.exe
    .exe windows:6 windows x64 arch:x64

    9cbefe68f395e67356e2a5d8d1b285c0

  • beda49bfe82dcbd8a63c66c3e7840919e0e8b883d5330e91e066c61a518a1ab9.exe
    .exe windows:5 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • c61196d6b3ae9b0c88afb656c58adee79288de13927f288c767bacf2825e8480.exe
    .exe windows:5 windows x64 arch:x64

    8e94250c88a6c0e478828f96bcbb1662

    Code Sign

  • cb8587628b098897d4e1e2e32272e0fdeb0fc952b5bf16d776c7f1a26d02f61c.exe
    .exe windows:5 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • d1ed381d12ccad419dcc8e8fc14179ef453e03ddd57d6842955ea9ec5176f484.exe
    .exe windows:5 windows x86 arch:x86

    c4540f421523fe2dc591e50be5ad7d0b

  • d381a78fa4db5302f27e196158145adf2f40e87a93c5584d7c8b32153a384b32.exe
    .exe windows:5 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • e520d68864b5bd7f6e54afa9a7f346e850f57c06d11f0780d7d4277e3a5c3bb2.exe
    .exe windows:6 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • e8af6b996ef72510ec7af7342f3a046c4e6ef20fc717af3091ba03a72ffd89ee.msi
    .msi
  • ed5aaeace50d0a131b997c7fea354f6f07db12e3df82caa9da5db4d2380cea18.exe
    .exe windows:5 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b

  • f35d39b293f66612de5c9607630a64de7748f5e468d63133b26180125d19a249.exe
    .exe windows:5 windows x86 arch:x86

    c4540f421523fe2dc591e50be5ad7d0b

  • f555f39b7a32994ab52869fc49b03f87c426db8f18800c1497000d76fb0e2552.msc
    .msc .js .xml windows polyglot
  • fe3e25e07d0c6d9d56cb067571e4dbb7a994c90cf1d7689ee75d83b44e4a8e39.exe
    .exe windows:5 windows x86 arch:x86

    2eabe9054cad5152567f0699947a2c5b