General

  • Target

    3020-95-0x0000018B59450000-0x0000018B59462000-memory.dmp

  • Size

    72KB

  • MD5

    e330a969c7f34628160905b63aefce87

  • SHA1

    ea22781157e3bb9507579d820c98718561c6c907

  • SHA256

    1861de79bc953c3b30e9e2e9eba9215da80b0c5a9b8d9017b80960a40ab8cb52

  • SHA512

    20ae37531d460605d25223911bc845db560c1c7f3a80a5254a7c113de8069f55b0d10fe269ab1049b33deb0dfa9a7ff675b05001ecd80d6336d2c8b84e3b4328

  • SSDEEP

    768:+8mBrqddoRnKbaswBjpIE9j9bfnBwqi6rOWhPnFoeUsQ4kv:HCqVSn9bPBo6rOW1FtrQ4kv

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

193.161.193.99:61360

Mutex

iKU5R04rJjg81sVB

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 3020-95-0x0000018B59450000-0x0000018B59462000-memory.dmp
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

