Structural Analysis of 0e60ffa9b5c990987cfae0ca0dd88b41 (XWorm)
Characteristics
| Hash | Value |
|---|---|
| MD5 | 0e60ffa9b5c990987cfae0ca0dd88b41 |
| SHA-1 | 74e48371497a74cb3ff114743553674d75c3d71f |
| SHA-256 | b11fb600cefba3bae661b14d1f68d0417f05befbff494d670ff06d633869b578 |
| SHA-384 | 83e81e33f9de1d488714685bae7cac89f4f0059475dda772e0a08c8c05ddbe4addf0049fd1c7f603af2367477707b1e0 |
| SHA-512 | e9a7cb981deb78fa6971b28d1d85831740186b273377247f83ff3cb482d399105d348dc0f26bfd68d783c91182c7537353e0970d8ca2d8957d73d1c87547ccdd |
| ssdeep | 1536:QBNWgh9qsQ8QVFjqH7iVHaz1bKGmNlvv6KdbPOxFFXbD1:QBth4fqiHaz1bKGyfhPOxnX31 |
| TLSH | 5F938C287BE60439F0FF9FB45DE16162D73AF6236903E51F18D9024B1927A84CE416F6 |
PeID signature: Borland Delphi 7 - Nstd EP - ASL sign
File Structure

Outer file 0e60ffa9b5c990987cfae0ca0dd88b41 (verdict: Malicious), x86 PE:
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers: CODE, DATA, BSS, .idata, .tls, .rdata, .reloc, .rsrc
  Resources
    RT_RCDATA > ID:0000 > ID:0, holding a second, complete x86 PE image:
      DosHeader
      PE Header
      Optional Header (x86)
      Section Headers: .text, .rsrc, .reloc
      Resources
        RT_VERSION > ID:0001 > ID:0
        RT_MANIFEST > ID:0001 > ID:0

The CODE/DATA/BSS section names are those the Delphi linker emits, matching the PeID verdict of a Borland Delphi 7 binary. The embedded image has the three-section (.text/.rsrc/.reloc) layout a .NET assembly normally has, and XWorm is a .NET RAT. All configuration artefacts listed further down are located inside that RT_RCDATA resource, so the embedded image is the XWorm payload and the outer Delphi executable is only its loader; the resource bytes should be carved and analysed as a separate sample.
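The carving step just described, as an added example that is not code from the report or from the sandbox that produced it. Instead of trusting the loader's resource directory (which a loader can omit or corrupt), it validates the DOS to NT header chain at every "MZ" occurrence and derives the image size from the section table, which is enough to recover an RT_RCDATA-embedded payload like the one above. The container bytes at the bottom are constructed inside the script; no file from the report is needed.

```python
"""Carve embedded PE images out of a container file (added example, stdlib only)."""
import struct

IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def parse_pe_at(data: bytes, off: int):
    """Return (image_size, arch) if a header-consistent PE image starts at `off`, else None."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return None
    e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
    nt = off + e_lfanew
    if e_lfanew < 0x40 or nt + 4 + COFF_HEADER_SIZE > len(data):
        return None
    if data[nt:nt + 4] != IMAGE_NT_SIGNATURE:
        return None
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, nt + 4)
    opt = nt + 4 + COFF_HEADER_SIZE
    sections = opt + opt_size
    # A real optional header is at least 96 bytes; 64 is enough to reach SizeOfHeaders.
    if not (1 <= nsections <= 96) or opt_size < 64:
        return None
    if sections + nsections * SECTION_HEADER_SIZE > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        return None
    # SizeOfHeaders sits at offset 60 in both PE32 and PE32+ optional headers.
    end = struct.unpack_from("<I", data, opt + 60)[0]
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData start at offset 16 of each section header.
        raw_size, raw_ptr = struct.unpack_from("<II", data, sections + i * SECTION_HEADER_SIZE + 16)
        end = max(end, raw_ptr + raw_size)
    if end == 0 or off + end > len(data):
        return None  # headers claim more bytes than the container holds: truncated image
    return end, ("x86" if magic == PE32_MAGIC else "x64")


def carve_embedded_pes(data: bytes, skip_outer: bool = True):
    """List (offset, size, arch) for every valid PE image found in `data`.

    Scanning resumes one byte after each "MZ", so an image nested inside a
    carved image is reported as well. The container's own header at offset 0
    is skipped unless skip_outer is False.
    """
    found = []
    pos = data.find(b"MZ")
    while pos >= 0:
        parsed = parse_pe_at(data, pos)
        if parsed and not (pos == 0 and skip_outer):
            size, arch = parsed
            found.append((pos, size, arch))
        pos = data.find(b"MZ", pos + 1)
    return found


def build_minimal_pe(section_payload: bytes, magic: int = PE32_MAGIC) -> bytes:
    """Construct a tiny, header-consistent PE image as test input (not a runnable binary)."""
    opt_size = 96 if magic == PE32_MAGIC else 112
    nt_off = 0x40
    headers_size = nt_off + 4 + COFF_HEADER_SIZE + opt_size + SECTION_HEADER_SIZE
    headers_size = (headers_size + 0x1FF) & ~0x1FF            # 512-byte file alignment
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", nt_off)     # e_lfanew at 0x3C
    machine = 0x14C if magic == PE32_MAGIC else 0x8664
    coff = IMAGE_NT_SIGNATURE + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, 60, headers_size)
    sec = bytearray(SECTION_HEADER_SIZE)
    sec[:5] = b".text"
    struct.pack_into("<II", sec, 16, len(section_payload), headers_size)  # SizeOfRawData, PointerToRawData
    image = dos + coff + bytes(opt) + bytes(sec)
    return image + bytes(headers_size - len(image)) + section_payload


# Constructed container: its single section holds a decoy "MZ" with no valid PE
# behind it, then the embedded payload image, then trailing filler.
EMBEDDED = build_minimal_pe(b"payload-bytes" * 8)
CONTAINER = build_minimal_pe(b"MZ" + b"\x90" * 32 + EMBEDDED + bytes(16))

if __name__ == "__main__":
    for off, size, arch in carve_embedded_pes(CONTAINER):
        print(f"embedded {arch} PE at offset {off:#x}, {size} bytes")
```

On a real loader, read the file bytes and pass them to carve_embedded_pes; write each (offset, size) slice to disk and hash it, since the embedded image, not the outer loader, is the one the configuration table describes. The size check rejects images whose section table points past the end of the container, which is how a truncated download or a partially overwritten resource shows up in practice.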
Malware Configuration - XWorm config

| Field | Value |
|---|---|
| Mutex | qsccJdpDJBL36A0J |
| Hosts | thursday-cabinet.gl.at.ply.gg |
| Port | 21967 |
| KEY | <666666> |
| USBNM | <XWormmm> |
| LoggerPath | %Public% |
| family | xworm |

The angle brackets in KEY and USBNM are part of the stored values as extracted. The C2 hostname is a playit.gg tunnel (*.gl.at.ply.gg): the address it resolves to belongs to playit's relay, not to the operator, and it can change, so detection should key on the hostname together with port 21967 rather than on an IP. KEY is the string XWorm derives its AES key from for its encrypted strings and C2 traffic, USBNM is the file name the implant uses when copying itself to removable drives, and LoggerPath is the directory the keylogger writes to (%Public% expands to C:\Users\Public). The mutex is created at start-up to keep a single instance running and is a usable host-side indicator.
Information

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
Sample 0e60ffa9b5c990987cfae0ca0dd88b41 (91.65 KB)
Artefacts

| Name | Value | Verdict | Location |
|---|---|---|---|
| Mutex | qsccJdpDJBL36A0J | Malicious | 0e60ffa9b5c990987cfae0ca0dd88b41 > Resources > RT_RCDATA > ID:0000 > ID:0 |
| CnC | thursday-cabinet.gl.at.ply.gg | Malicious | 0e60ffa9b5c990987cfae0ca0dd88b41 > Resources > RT_RCDATA > ID:0000 > ID:0 |
| Port | 21967 | Malicious | 0e60ffa9b5c990987cfae0ca0dd88b41 > Resources > RT_RCDATA > ID:0000 > ID:0 |
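How these artefacts translate into network detection, as an added example that is not part of the report. The host and port come from the tables above; the log lines are constructed here in a simple "timestamp host EventKind key=value ..." shape and are not from any real sensor. The logic shows the caveat a playit.gg C2 introduces: a tunnel hostname alone is weak evidence because the service has legitimate users, so the script remembers each DNS answer per source host, attributes later connections to the name that was queried, and only escalates to high when the configured host or the configured port is involved.

```python
"""Score DNS and connection telemetry against the XWorm C2 artefacts (added example)."""
import re

# Values from the configuration / artefacts tables of this report
C2_HOST = "thursday-cabinet.gl.at.ply.gg"
C2_PORT = 21967
TUNNEL_SUFFIX = ".ply.gg"  # playit.gg relay domain; the resolved IP is the relay, not the operator

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<kind>\w+)\s*(?P<rest>.*)$")

# Constructed telemetry (203.0.113.0/24 is the TEST-NET-3 documentation range)
SAMPLE_LOG = """\
2024-05-02T10:15:03Z WS01 DnsQuery query=thursday-cabinet.gl.at.ply.gg result=203.0.113.10
2024-05-02T10:15:04Z WS01 NetConn dst=203.0.113.10 port=21967
2024-05-02T10:16:11Z WS02 DnsQuery query=update.example.com result=203.0.113.55
2024-05-02T10:17:40Z WS03 DnsQuery query=quiet-river.gl.at.ply.gg result=203.0.113.12
2024-05-02T10:17:41Z WS03 NetConn dst=203.0.113.12 port=25565
2024-05-02T10:18:02Z WS04 NetConn dst=203.0.113.99 port=21967
"""


def parse_line(line: str):
    """Turn one log line into a dict, or None if it does not match the expected shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = {"ts": m["ts"], "src": m["src"], "kind": m["kind"]}
    for kv in m["rest"].split():
        key, _, value = kv.partition("=")
        ev[key] = value
    return ev


def score_events(events, host=C2_HOST, port=C2_PORT, suffix=TUNNEL_SUFFIX):
    """Return (index, severity, reason) for each suspicious event.

    DNS answers are remembered per source host so that a later NetConn to the
    same IP can be attributed to the name that was queried.
    """
    hits = []
    resolved = {}  # (src, ip) -> queried name
    for i, ev in enumerate(events):
        if ev["kind"] == "DnsQuery":
            name = ev.get("query", "").lower()
            if "result" in ev:
                resolved[(ev["src"], ev["result"])] = name
            if name == host:
                hits.append((i, "high", "DNS query for the configured XWorm C2 host"))
            elif name.endswith(suffix):
                hits.append((i, "info", "DNS query for a playit.gg tunnel host"))
        elif ev["kind"] == "NetConn":
            dport = int(ev.get("port", 0))
            name = resolved.get((ev["src"], ev.get("dst")))
            on_c2_port = dport == port
            via_tunnel = bool(name) and name.endswith(suffix)
            if on_c2_port and name == host:
                hits.append((i, "high", "connection to the configured C2 host on the configured port"))
            elif on_c2_port and via_tunnel:
                hits.append((i, "high", "connection to a playit.gg tunnel on the configured XWorm port"))
            elif on_c2_port:
                hits.append((i, "medium", "connection on the configured XWorm port to an unattributed address"))
            elif via_tunnel:
                hits.append((i, "info", "connection to a playit.gg tunnel on an unrelated port"))
    return hits


def analyse(log_text: str):
    """Parse a log blob and score it; lines that do not parse are ignored."""
    events = [ev for ev in map(parse_line, log_text.splitlines()) if ev]
    return score_events(events)


if __name__ == "__main__":
    for idx, sev, why in analyse(SAMPLE_LOG):
        print(f"line {idx + 1}: {sev:6} {why}")
```

The medium verdict for the last constructed line is deliberate: port 21967 is not reserved by anything, so a connection on it without a matching DNS answer needs the mutex or the carved payload hash from this report before it is treated as confirmed XWorm activity.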