Overview

overview

10

Static

static

10

1296-45-0x...ry.exe

windows7-x64

1296-45-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    1296-45-0x0000000000400000-0x000000000040E000-memory.dmp

  • Size

    56KB

  • MD5

    cdd21dc5c407920f3b3e2361f62dd530

  • SHA1

    becd501f68cfe0ef404e4176f32160cf981cfaa8

  • SHA256

    7db21af5c2b8941d1a5a41ba07f25f0bda5725e8b50733e48a3fe24bccf54e35

  • SHA512

    18333b04fffe7a2de54f05b2b11ab193e5acb536e2186d06eb1b9fedbd83111c13b2935f7a4745706284dad43466468bdff1da77b7aab09cad1ff4a01baed0c4

  • SSDEEP

    1536:kDGkptwyZScCkU4rcUsZcB5o5HF592rO9Dv:u4Usb1F592rO97

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

3.1

C2

greatkingxlimited.duckdns.org:8100

Mutex

mNzX49UoCgcdlLh4

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1296-45-0x0000000000400000-0x000000000040E000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections