Overview

overview

10

Static

static

10

2152-773-0...ry.exe

windows7-x64

2152-773-0...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    2152-773-0x0000000000990000-0x00000000009A4000-memory.dmp

  • Size

    80KB

  • MD5

    e13810b79f18da8fe35d89e8c53abe52

  • SHA1

    601a2e5d789e1aa9e8ed643878c02b66062b107c

  • SHA256

    76172f3f0cb62ca48be258ebb23a8ffc5d844eec6ca0c24fbdc425da77043a1e

  • SHA512

    4fa2492a1bc32c4a61a7b708947d073cdbd87f5bf2dfe6e1c05f3255b8175a5965c32b1bc5d8c5f4f70510652a158906ed83c1de1e681a7eb0c024d914e6f4ef

  • SSDEEP

    1536:Z5aQb11rNvYKf9UOHimHjUt4kbiidEhS6AOjmAah:ZhTZbf9UOHiOj24kbiH8Ojlah

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

157.254.223.19:8000

Attributes
  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot6440201303:AAFWK8ktoaf4BhwoOKOZW85fYC_jmgFy5fw/sendMessage?chat_id=1734472346

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2152-773-0x0000000000990000-0x00000000009A4000-memory.dmp
    .exe windows:4 windows x86


    Headers

    Sections