General
-
Target
multitool fixer.exe
-
Size
69KB
-
MD5
c0822680b8bcf521199bd778a8ab8fb5
-
SHA1
a67e71b3fc5bf21f6ca7e00071c5228518a1efe4
-
SHA256
a66f7f3719c18785c8a658b1b0dde9348753ad8b07bb5407349cd87562806727
-
SHA512
c517f0cfb1596bf3a3fe6f0754f88f888d232fb3e1755cb0e712f65c90935cbde8fe1610fcf8db4de7f438108359470834cd679290217fb1447243f3732ba73b
-
SSDEEP
1536:fC0Ffd0Sz4p0+u0yveJm/H96Btbpru75jOzl6JiGcOz3VWFIcvkn+C:hj05lm/d6BtbprGIOz3VWFri+C
Score
10/10
Malware Config
Extracted
Family
xworm
C2
blood-pattern.gl.at.ply.gg:24558
Attributes
-
Install_directory
%AppData%
-
install_file
USB.exe
-
telegram
https://api.telegram.org/bot7704029346:AAHPre1lXQa0UfPCpOUXJZ9UXA9mFxvH4Gk/sendMessage?chat_id=7590668020
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
multitool fixer.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections