Overview

overview

10

Static

static

10

RealtekAud...ll.exe

windows7-x64

10

RealtekAud...ll.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RealtekAudioDriverInstall.exe

  • Size

    40KB

  • MD5

    54a6f585c5d3483cb50a4ba17be5ec28

  • SHA1

    8226aea9e79c7c82c96536c73db3a09869114230

  • SHA256

    73a815655d2337bdf8990075d452ca008b38a0ab318a396ec9f3dc760f7c4d1d

  • SHA512

    2b6a2bb52065de1f0c71046c854dbabe2f3b60cf34a06970f962d3359bdbade8eb2fcaf644516eda8d7932ea272c913c04d737cd375a85cd6bac1a7da79a56fd

  • SSDEEP

    768:I02yvdzR7qsnAmJRXF425tF5PT95a8bOMhl3Ep:IgR2qAmJ1F42LFx95aGOM7m

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

24.243.20.84:7000

Mutex

Tw3DcWk3xR894OD7

Attributes
  • Install_directory

    %AppData%

  • install_file

    Realtek Audio Driver.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • RealtekAudioDriverInstall.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections