Overview

overview

10

Static

static

10

2644-8-0x0...ry.exe

windows7-x64

2644-8-0x0...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2644-8-0x0000000000400000-0x000000000040E000-memory.dmp

  • Size

    56KB

  • MD5

    b4dd1d4e61f7c7bc89205f7f648ad769

  • SHA1

    537851d7fea333a94e7b9308a9d624baf2936381

  • SHA256

    1b081b4a91abd2fd2f2bdcecf2f01134c1ae62e285427420ca6094f12b96b53c

  • SHA512

    7093b979b1395b66316a0063e6f7407b1c6ac39a283031680bdca3dd6421cd174320f6c99adaea91cca625c596d3b45a8a8d5d9940dcf062f30a98eee32b8f90

  • SSDEEP

    1536:2DGkptwyZScCkU4rFUsZcB5eHF592AO95:sZUsBF592AO9

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

3.1

C2

xwormfresh.duckdns.org:7002

Mutex

Ytep6ubSVJFcAJf5

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2644-8-0x0000000000400000-0x000000000040E000-memory.dmp
    .exe windows:4 windows x86


    Headers

    Sections