General

  • Target

    2160-8-0x0000000000400000-0x000000000041A000-memory.dmp

  • Size

    104KB

  • MD5

    e90a5eb099c8a157dd06adea705b8fdd

  • SHA1

    0d3f7652e110b19111916fcbb54c118fadf29028

  • SHA256

    bce85986eaee6c03d3e9ac9def8ba06dee0147cdd0ce91dd617745e46b0f5948

  • SHA512

    163175c4f3af4e676c0040f0850847f806f0829e553da889fa3b41715e5908f359108083e1be51cd1f5b8980be050103ec7fe28ce92e9e18aa61a10a9512e30c

  • SSDEEP

    1536:LMfYLQQbVzMtEWPidb2fS+nLXYn6dHeJCOeix/6:gmzMS8Ob2qK7fxOe

Score
10/10

Malware Config

Extracted

Family

xworm

C2

secure-connection.portmap.io:62391

Attributes
  • Install_directory

    %AppData%

  • install_file

    svc.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2160-8-0x0000000000400000-0x000000000041A000-memory.dmp
    .exe windows:4 windows x86 arch:x86

