General

  • Target

    250502-m7emgssrs4.bin

  • Size

    94KB

  • MD5

    9703ca1aa7b76a5cbcbc44f1e88ab0da

  • SHA1

    527a3bea16ca6cbd11daafa04478274878660d3f

  • SHA256

    beb15b54dc5b31d30e4a950db36dcc33b8fe1f29c6567c5cf9ca93bee7c17fce

  • SHA512

    0d8add3c5c56e9a56112f7283aee201d77d0336963dca561cc7ff041f970da410c21d2d099c4e30bded52da85093f37e681bf3d57f461c32208bd92277763e20

  • SSDEEP

    1536:00A1Vii3CCFVAmJOvSHyz0oiWuGTf+b6HPKmQ76xK+OMFS9hBKUEF:07XNHSz0ow8f+b6XHK+OMsOl

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes
  • Install_directory

    %AppData%

  • install_file

    svchost.exe

  • pastebin_url

    https://pastebin.com/raw/2Q991bze

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 250502-m7emgssrs4.bin
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections