General

  • Target

    1524-10-0x0000000000080000-0x000000000008E000-memory.dmp

  • Size

    56KB

  • MD5

    84ccba672706e774ca4256f4a417a1e9

  • SHA1

    03ff4dbabbc1e96816f49191adcc4fbbc94eea19

  • SHA256

    39d83ecdc9a56920fd646e08cdac0dfcfd410af9a5834ac176f208046c2004b0

  • SHA512

    0714272b14e2faf78c6a6dcd2bb8e243b366532aca5ee38699d3991610f221751986085f7e8f74a6056b8146adfa7cba9cadf24c81fc224eb8dbdb7d46236e9e

  • SSDEEP

    1536:2DGkptwyZScCkU4rFUsZcB5eHF592AO95u:sZUsBF592AO9g

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

xwormfresh.duckdns.org:7002

Mutex

Ytep6ubSVJFcAJf5

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1524-10-0x0000000000080000-0x000000000008E000-memory.dmp
    .exe windows:4 windows x86

