General

  • Target

    2604-23-0x0000000000400000-0x0000000000410000-memory.dmp

  • Size

    64KB

  • MD5

    6e6521f264bd09780d73908ce5af16bc

  • SHA1

    e00c6741ac62c0fdd8fd195eada4b84b6fb2ea10

  • SHA256

    4fe947311dac82b3e7be843c865c4820cc8b0a0e269551a44f20c04c10acca50

  • SHA512

    92d8983f1951a176ae24b7ac76ef7d48dba2eb4712e87b9853a195658bb46d5d0938435f14f7458c6e4372f5d205ce639f54f559c769ec5acfe8933cd7316d85

  • SSDEEP

    768:nzKeuw7mMDFDQAkYS3vCyzC+5WpWVFq9JRqLOMhMux:n9bDg5deHpGFq9JELOMy

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

baldur1.duckdns.org:3360

Mutex

99lkUMNvqj7gQA4z

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2604-23-0x0000000000400000-0x0000000000410000-memory.dmp
    .exe windows:4 windows x86 arch:x86

