General
-
Target
4240-17-0x0000000000400000-0x000000000040E000-memory.dmp
-
Size
56KB
-
MD5
41ca9a494d5d0e78cf16159f7fef8472
-
SHA1
40cb6132c9e9cef0bdadbd840955f77352a9130b
-
SHA256
aa0f5431f912497089a264ad8002e1fffda72b75a1d9f60601cc979306f2d030
-
SHA512
0c4b9a6b3e3509ab256aeeabafa4e878865c000a06197bfd9705ac1da7289504b3640d73bfd523c98e80a3109c3ec5dab4d287b8609f215badcfb32fa512aaa9
-
SSDEEP
384:jl+PkjD9+E5MFs7iui8L7zuM42pfL3iB7OxVqWDRApkFXBLTsOZwpGN2v99IkuiM:5+CD93W03T42JiB70FVF49jijOjhzb2
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
zafa02.hopto.org:4545
Mutex
KecGg5CGEilLm2a5
Attributes
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
4240-17-0x0000000000400000-0x000000000040E000-memory.dmp
Headers
Sections