General

  • Target

    ada4045ee6399dc5733826a4d7e43a10.bin

  • Size

    20KB

  • MD5

    13e2d8c8fc3ca74bcdaeed86ae2be0d3

  • SHA1

    1af41a2635599d0b1194426969522d228f00781b

  • SHA256

    6c5dd289cd2ec3345727cbe7430e50c7743596c5b1d258065e23c7a02865c1c4

  • SHA512

    1524d3a3c398603edd727909c5f3eb7a59baa118802ea62c6abd4ea77c47101e65fe4dc07be55eac7da929d4fd044f1f6e4cf6199dd66c79b6483676f3c734b2

  • SSDEEP

    384:dLwcl8Gi+Fy8m/nH2NdtfakTYAeKTuc6IDu36O+aTO25AR/tDmzv+zj3j+HL:ye8D+FsWztfzeM6Mu36Og2yZt6mfT+HL

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

156.225.129.202:7000

Mutex

lUhImY84qBJOkvuH

Attributes
  • Install_directory

    %AppData%

  • install_file

    crss.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ada4045ee6399dc5733826a4d7e43a10.bin
    .zip

    Password: infected

  • 07ecf0ee68a52e1783da654389f5adaa861b5e7cfff04cbec504e721cc3a11ad.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

