General

  • Target

    2564-30-0x0000000000400000-0x0000000000416000-memory.dmp

  • Size

    88KB

  • MD5

    b58741b224ebbae7cf54a0a9f17e0576

  • SHA1

    cbec8d97c4645d880e2035c6240047966db22423

  • SHA256

    c619851f1a0dd916a3275e6d28709e0f767584a09a40f982421de0346590ae5c

  • SHA512

    a9da03b80be468dd4b19293bc94fd48e501e9a8b7eb2975796891223c747939bf5de44283a0c459f48f4e782b4e3d5b258e4071864ff03e60019960bdb7d694e

  • SSDEEP

    1536:4Mav42AlbwOD/lAnvA1qoPaAt2fOxh4bTxzGImXZOHDhH7O:41v42s/SnvyzPaExh4bT9eOjJO

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

zafa02.hopto.org:4444

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2564-30-0x0000000000400000-0x0000000000416000-memory.dmp
    .exe windows:4 windows x86 arch:x86

