Overview

overview

10

Static

static

10

4308-49-0x...ry.exe

windows7-x64

4308-49-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    4308-49-0x0000000000400000-0x000000000040E000-memory.dmp

  • Size

    56KB

  • MD5

    a9d76a0102bdee8905cdf3007138dc4b

  • SHA1

    a546ae21cfe8b630936935c2d793a71cd4579a12

  • SHA256

    0473409f53b5c6f4975a8b608ed1a1e012a80bee88a2c918e38ab201dfde3073

  • SHA512

    f4ce27d40ef7214102977b17c34986ea6a3ce95a847b9f7477e0a3d82f2ea9928aa5389868b351e16125fa815e955cbedddcc5de6862aef6999a92b194ae6d4e

  • SSDEEP

    1536:kDGkptwyZScCkU4rNUsZcB5o5HF5927O940:uxUsb1F5927O9R

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

3.1

C2

tcxerr.duckdns.org:6677

Mutex

wqMdctfK8OnYMwp3

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4308-49-0x0000000000400000-0x000000000040E000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections