General
-
Target
Excellent2.0.exe
-
Size
77KB
-
MD5
fa9dbd782dfb5bf2f278c4bc6a73279e
-
SHA1
dc01ceae67b4983111677b421691903a6eba150b
-
SHA256
40d127a2d334e18d6e80801667a5d1e356f8c8a142563e360ab4f15796737428
-
SHA512
dc0a3c67ea86b7dba4016800ddb03c27cc87932fe9244658675c470c3cb8b41f6fb1d1fe87feaef60acc80d65de26ba3ea5e100382bfbdf9c8e6829c5c1c3c04
-
SSDEEP
1536:rdxon/N6GtnKEc2wP8UiQksF+bVMp23aYkFDoPjPT6HMXkzf2YyjjmO82C3hk:gnF6GtnKTB0Ckk+bVMS9TXU+biO8x3hk
Score
10/10
Malware Config
Extracted
Family
xworm
C2
africa-wins.gl.at.ply.gg:41663
Attributes
-
Install_directory
%AppData%
-
install_file
XClient.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Excellent2.0.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections