Overview

overview

10

Static

static

10

1256-918-0...ry.exe

windows7-x64

1256-918-0...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    1256-918-0x0000000000560000-0x0000000000574000-memory.dmp

  • Size

    80KB

  • MD5

    f81d0b6367a8b08a2189f3a0b8deab28

  • SHA1

    1aba5148839f5f068fe36613b4d6728b5f4bd592

  • SHA256

    bc948401577ef9615e2092bb83420300d0a45f4328d44d02eacc63bd9157cbfe

  • SHA512

    77fc47940064409e2c1217ef2ca42ca59c0919d741ca24d399c19bd504db3940888a8c011c1cfde4e31065eb84169e6c110fb5476485c71d3fb9367ece3d2153

  • SSDEEP

    1536:M5aQb11rNvYKf9UOHimHjUt4kbiidEhS6AOjmAa0:MhTZbf9UOHiOj24kbiH8Ojla0

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

157.254.223.19:8000

Attributes
  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot6440201303:AAFWK8ktoaf4BhwoOKOZW85fYC_jmgFy5fw/sendMessage?chat_id=1734472346

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1256-918-0x0000000000560000-0x0000000000574000-memory.dmp
    .exe windows:4 windows x86


    Headers

    Sections