Overview

overview

10

Static

static

10

1348-199-0...ry.exe

windows7-x64

1348-199-0...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    1348-199-0x0000000000370000-0x0000000000AB4000-memory.dmp

  • Size

    7.3MB

  • MD5

    6d3d8eb4cc18d6b7ae025ba355efe6c6

  • SHA1

    f34595fa139af35e206c622f9d370fe55ef58f9b

  • SHA256

    5e72da79f3dc9b67c0d4250329576d0ab36ea6e2a785aaf38e99958aec4dbcb0

  • SHA512

    dfda8bc96afe988692a63648ab07c8beaeb6d20fb4040e812dbc85497c750492fd4058efa9f436f3dace3fba05eb5df6a96e0fe503cd7d8b3e43ab14a82b4833

  • SSDEEP

    384:97wTA+5OfPgEBQqWvfcQLZe3s80hYACSqRFNPjg2uRugtFuBLTIOZw/WVnvn9IkI:1rgECfLH8MYAoRFNU2uBFE9RsOqhcb6

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

C2

gunitp.duckdns.org:5050

Mutex

oM1fZsao2TH3IcOi

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1348-199-0x0000000000370000-0x0000000000AB4000-memory.dmp
    .exe windows x86


    Headers

    Sections