General

  • Target

    2828-0-0x0000000001140000-0x000000000119A000-memory.dmp

  • Size

    360KB

  • MD5

    f3b2c7cad4ea897411c0dd4f91dd9f17

  • SHA1

    8b24eace0ddd259694fdb30cb57faca511c82879

  • SHA256

    7505eb64302a18e08e580928ce74d85442ff6227b510044b9f01cd07637547cb

  • SHA512

    b3ed6f0d3960ec899651c9005644d8ac6ced1b6d4e4193ff5804d7d9a178f51e6332f4a4f0889a76ba8322a87a8998a6e52090b68ce89e63022635e864ebe949

  • SSDEEP

    3072:tfJO16Nb07wSBBaOtiGYb0z73iJUkXQdjxl/MuN1ScZN1OlU5Ypwguz:tQ6Nb0kSIGPz73VEQpPHNAcZN1O

Score
10/10

Malware Config

Extracted

Family

xworm

C2

210.246.215.82:7000

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    WindowsNT.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2828-0-0x0000000001140000-0x000000000119A000-memory.dmp
    .exe windows:4 windows x86 arch:x86

