General
-
Target
1696-4800-0x0000000000400000-0x0000000000410000-memory.dmp
-
Size
64KB
-
MD5
fb5681781db6d5aa79c3675824ef89bf
-
SHA1
3bc0c4a3eed5f8db5b5322fec53bd1446d59811f
-
SHA256
a536aeaf2ad56868576e32024acaa487c847d5842e1d266692eb3343e79a786e
-
SHA512
15f593c061cf063c12bfbe1c8343eaecd4ce87819f7c88a7962382ee236f6ab84633a3e2834fddef0d2c85c492f81b0b8a8120c72bf3d9d12f0e4b2476fc0c3d
-
SSDEEP
768:2yb3VfYUyZZHkBkHj2F3b98UA/O+hDp+H:TQnbkBkqFr98UeO+1AH
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
147.124.212.213:6161
Mutex
XAQb6tHOMfjaj024
Attributes
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1696-4800-0x0000000000400000-0x0000000000410000-memory.dmp
Headers
Sections