Overview

overview

10

Static

static

10

2852-12-0x...ry.exe

windows7-x64

2852-12-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    2852-12-0x0000000000400000-0x0000000000410000-memory.dmp

  • Size

    64KB

  • MD5

    d6c95a71569fcbaea8eac823863f19e0

  • SHA1

    572a525748edbc483aec69b8e8351968609d9ac7

  • SHA256

    c8801b24e08d60020a530387adebc7ea07de10d32569095d2eed39594a398616

  • SHA512

    ac00e57d84e4f543dec5ff1eeff324ff948d24be93a49fbc5ce4dc61d8dd17c91fd75cda2a681b792bf0dd9567a8d752252d96ad4bf76eb9ceba2ba84649cbea

  • SSDEEP

    768:BDc35M27/DUkQBQzA/FK9OD36xOMh8QN/:Js5dPmB4EFK9O76xOMGS

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

185.222.58.35:4760

Mutex

bMaRyCcqw3sEDe3P

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2852-12-0x0000000000400000-0x0000000000410000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections