Overview

overview

10

Static

static

10

1752-4907-...ry.exe

windows7-x64

1752-4907-...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    1752-4907-0x0000000000400000-0x0000000000418000-memory.dmp

  • Size

    96KB

  • MD5

    69d28d6f68e7523787e93a0f1a6dc509

  • SHA1

    c364c361d16d073749672da050c739650df0d5b9

  • SHA256

    ba16e13f2e51b30c3d3c056fb7ae1f803755c43285818062a169dffd81ec124c

  • SHA512

    6c8605c81c30fda824ba3e8c782659022a34c7e8a152efbaa00feeb50d94b80eb948c7a9ff15d2bb7d88c36b1e3f92459c6d2b74c13ed18ca6eb1a54758a8a4c

  • SSDEEP

    1536:9TTtXSMUq1F2WSt6E4nsjF65iyo+bY8z+nDKs6G3GZf0OC0taRE5E:3ShgUB/5N+bY8Nf0OLvE

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

C2

91.92.248.52:7000

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1752-4907-0x0000000000400000-0x0000000000418000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections