Overview

overview

10

Static

static

10

1908-41-0x...ry.exe

windows7-x64

1908-41-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    1908-41-0x0000000000400000-0x0000000000410000-memory.dmp

  • Size

    64KB

  • MD5

    bdc439934caac62282371ba2ede61f85

  • SHA1

    7f2221662f0e2e67ed9f28e7e8a684f68afe7d60

  • SHA256

    ee1372bacc250e1729d860f0bbd42d23c1e775b784f55341d1c1db363ef09eca

  • SHA512

    4d0677a755808350a541d7af68adb29ca89e1196cce8cafd6fef6ed68f9a9a5e76f727bdad30dd85faaa9e3309e53a09f155cf5521fc45347e69238576b452ab

  • SSDEEP

    768:HDdJjhsFKE8y0R4vRpr3NFv9S+8OMhiLBDp:jdgFeQRZdFv9SlOMkFp

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

opendomain.lyamore-metal.com:7000

open.lyamore-metal.com:7000

opendomain.taiwantradeglobal.com:7000

open.taiwantradeglobal.com:7000

wealthyblessed.duckdns.org:7000
Mutex

AgywBPSu2cDaP7m5

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1908-41-0x0000000000400000-0x0000000000410000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections