General

  • Target

    3016-10-0x0000000000EA0000-0x0000000000EF6000-memory.dmp

  • Size

    344KB

  • MD5

    1aafcc19fc7ce8dcec6824739f08515c

  • SHA1

    8ad16ad1f8c8294be1e569d631ef777e4dbfce05

  • SHA256

    1c669b3733834cf929f0cbc7aeab5ca93ea4521bb0ac06ecb6e6c31d669edde5

  • SHA512

    0e0e4d8a6f24f327bd4098d236c4d344a91cb49015b03dc9c51824ff6fb79c12d0efdcbad62b813c281faa7195cbbf623efe91b31c8eb112f1e6b35e62665f37

  • SSDEEP

    3072:uKShuWbilT4O9sbyOkitG/iJpXnc858j:uKCRboOkiYcRnh

Score
10/10

Malware Config

Extracted

Family

xworm

C2

she-vocal.gl.at.ply.gg:36704

Attributes
  • Install_directory

    %AppData%

  • install_file

    notepad.exe

Signatures

  • Detect Xworm Payload (1 IoCs)
  • Xworm family
  • Unsigned PE (1 IoCs)

    Checks for missing Authenticode signature.

Files

  • 3016-10-0x0000000000EA0000-0x0000000000EF6000-memory.dmp
    .exe windows:4 windows x86 arch:x86

