General

  • Target

    3db7f780cfc50d086820b95947a61e59.bin

  • Size

    151KB

  • MD5

    9466513ea9b1deaed05b7029d44a1059

  • SHA1

    b98f8084f4746dcf3f4110e6f338b7a53b957f37

  • SHA256

    455c691649fb976fe7c7c1c816b97972c1826e3f053e483cdeaea9a839b05944

  • SHA512

    b92901675aa996d0abaec798e6cd658d0d8c5d71a3e8fc2dc107c5c57ea307f5bb0748484116ead3fe4bb592f96d5f8e7492a2cae4626dc42fe6e8e23cdf4dc3

  • SSDEEP

    3072:AUUU5RtcK6xi2xJ0sjWAXsmE5xIAyB4Wn7V8TpCOiFgLlNXIsn:tUgexrSRzHW7mQOGYTIu

Score
10/10

Malware Config

Extracted

Family

xworm

C2

154.197.69.131:7005

Attributes
  • Install_directory

    %AppData%

  • install_file

    crss.exe

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 3db7f780cfc50d086820b95947a61e59.bin
    .zip

    Password: infected

  • e2a569f0f5168d11500b6e5f5c0ad0c900c45be7cbab68f0c354318123bf942f.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

