General

  • Target

    FatalityCrack.exe

  • Size

    74KB

  • MD5

    44217b6e8f45f82ebffe92321639290b

  • SHA1

    6bd7da4585d438bc28d5350b9415b6d73b32e807

  • SHA256

    657dcc3378b3dbbd131926612fb00e67683ccbc64dc2d743fce213734804f427

  • SHA512

    a68f7f194aadd63dcfad5af49dac4def19748e8fb657ab4cc06b514a1a7a2f5fb42424cb1a54a259987487558f2f2c950a1fd219a59f9b27ef826774ae27e7c8

  • SSDEEP

    1536:FNhc3BhmLTzjuReXV2y+bo0QnRr6wDeTJPovOoRnaRxsZP:1cxEWRsV2y+boveoOoRN5

Score
10/10

Malware Config

Extracted

Family

xworm

C2

userxmorma-27072.portmap.host:27072

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    svchost.exe

  • telegram

    https://api.telegram.org/bot8050356849:AAGkujkVbiAoFzC-JTeiZPs5sCb3sdrY2sU/sendMessage?chat_id=8050356849

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • FatalityCrack.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections