General
-
Target
4860-1538-0x00000000004D0000-0x00000000004E2000-memory.dmp
-
Size
72KB
-
MD5
bca8b1ec8e2d6cd3c0bfa3de6f170d5a
-
SHA1
3d2cefda39b3b6e26dbe9815a8c7f26330bd6f4c
-
SHA256
a5b8ae377f4018c226feaef78a168bcf0e903fa82518d83d146fc3525019c88d
-
SHA512
dde8cc11243302474d0a7a09e0ff17ed0d22a35d89ae78ab2be7185af7aee0c8bfeefa9e9edece4bd52f68292c190afb5317488ed92fd40650a6fede9a2c3b12
-
SSDEEP
768:W7qTiQDkup+Ab5O+ui93yXSeH6wSmvxra2R2XSN+F0v91662OohrGTCh:WvU5O+uikH9SSxra5Fi91662OoYG
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
Mutex
xp8AtPT05Geksh1H
Attributes
-
Install_directory
%ProgramData%
-
install_file
MicrosoftService.exe
-
telegram
https://api.telegram.org/bot7115811442:AAHiWQv7RdFsbXnJS5hfG6P1vphsJnlPSV4/sendMessage?chat_id=971347293
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
4860-1538-0x00000000004D0000-0x00000000004E2000-memory.dmp
Headers
Sections