Overview

overview

10

Static

static

10

2888-4899-...ry.exe

windows7-x64

2888-4899-...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    2888-4899-0x0000000000400000-0x0000000000418000-memory.dmp

  • Size

    96KB

  • MD5

    5102e726637c3e4533658d4d7f1119f3

  • SHA1

    9f875db5d27397ec95bc5f8c148c82e00f51bb11

  • SHA256

    41760467c424c0dfa51c5e700128dd5e9fb9ad54960175e91110d506c68cf537

  • SHA512

    318a49565043345277f840a68722910adef085de32e5a0d494bec4dce5cbecdca0dc0f65c98ed9ba702f5d7abf3302cbd101f49ff913ecf75d6451c3c2e8c1e8

  • SSDEEP

    1536:0Gk8+lNDsOzLYVJXqzUhRd3bT+DsKkNgO0t4t:0fLSJXqzAd3bT+kaO0Kt

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

3.1

C2

gamemodz.duckdns.org:4678

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2888-4899-0x0000000000400000-0x0000000000418000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections