General

  • Target

    2880-56-0x0000026736070000-0x000002673607E000-memory.dmp

  • Size

    56KB

  • MD5

    e95e95f5e430dd97cf597bdd2167e40f

  • SHA1

    ec4065867a952581bc7b950db90148faf9756326

  • SHA256

    da06a8f876d27a17414a982ed806338074e5d3eabb802f74b016a554a5be365d

  • SHA512

    baef0a32b0b812b808d1fd1215fdfa3939015b78508da683167b03794143bf7f6bdf954cccea5162d8feeda616bd44bb6cfcd7ca388fccbccd8c5d913c05c316

  • SSDEEP

    384:vE8PQ9Ba+vNuntf98d6ILj7gM42pfL3iB7OxVqWCRApkFXBLTsOZwpGN2v99Ikum:/Ua+vNohsX942JiB70wVF49j/OjhtbC

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

38.146.219.228:7001

Mutex

mpqxLif2hrZ6dHfO

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2880-56-0x0000026736070000-0x000002673607E000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

