General
-
Target
2420-3-0x0000000000240000-0x0000000000252000-memory.dmp
-
Size
72KB
-
MD5
679705c9cca37b2e02dc4eb0507c611c
-
SHA1
dcba3bdd9b3374d2ff3cc6b40870e2b3fea61248
-
SHA256
4b7ccaaab82752c1d9487ad812a6d39abd32be4061d7e7a013fdc6489f92f800
-
SHA512
6c674396169e2dca911f36a9985c1baf9c5dcebf0c61455392219ea0dfb3b8f8a5aaf3c0792eeec65aacdd9ee37cae35c99937b3f948ff5cb66522ebbef51da5
-
SSDEEP
768:AeRSeZHR7h/l5+oLqB3rFj9M72R6SOzh1GjKCxx:Ae8kb6ogFj9M766SOzfOvj
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
normanisback.com:7000
Mutex
pUGOnDcdacBYjUzu
Attributes
-
Install_directory
%AppData%
-
install_file
XClient.exe
-
telegram
https://api.telegram.org/bot5112782641:AAHwu2OfP6087e_NGYpR3uEVsQFQYniEygI/sendMessage?chat_id=985608946
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2420-3-0x0000000000240000-0x0000000000252000-memory.dmp
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections