General
-
Target
5f5892f48081e818d311ae3c472e7993c5ef5753fd2c1febbdb57700dd494656.exe
-
Size
75KB
-
MD5
916c0c3dbd869182265f56753c2275e7
-
SHA1
8ea67747634878f320d30c47ccadf315f964ced3
-
SHA256
5f5892f48081e818d311ae3c472e7993c5ef5753fd2c1febbdb57700dd494656
-
SHA512
5540c158270136d5a2c3981461ee2573f26121a6ac9971e90892b95c16d40cd4fe895a4bc8d06c6ffbbe879d0a772409f35d7a2bc0531531566cf5b59aeb53a5
-
SSDEEP
1536:uhpLWjPWqMwkgtiSAbH2y65v5SHN5uO2Yzp4mgm:+kdxAbH215xSmO2Yzp6m
Score
10/10
Malware Config
Extracted
Family
xworm
C2
147.185.221.22:47930
127.0.0.1:47930
Attributes
-
Install_directory
%AppData%
-
install_file
Runtime Broker.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
5f5892f48081e818d311ae3c472e7993c5ef5753fd2c1febbdb57700dd494656.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections