General

  • Target

    3344-9822-0x0000000000400000-0x0000000000412000-memory.dmp

  • Size

    72KB

  • MD5

    a9956043805556b717bc1e8e3dc7035e

  • SHA1

    20483d1a04e3f4fc5a5ff3a03a9cba13c4c808a1

  • SHA256

    d0358d8e0ba71f2c16e74ebb17e7d7327dc4d6d49fbaedb24eb33da5cc71c2d6

  • SHA512

    3c3ce73a455ed0d214e75b43239009f0c85ce18dd65aae511f81d2d65c102fa1af37d7ab7869e0807659004955fdf399784cb97f3dfd5c39b5c930f7877d6f54

  • SSDEEP

    768:3NrD/wRwTAoWa4lqzTRvjvxsl6UFRP59xsOuhtOS:35jMRIhSFH9xsOuLv

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

178.215.236.251:717

Mutex

0AVeWj1eTvHM3Un2

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

  • telegram

    https://api.telegram.org/bot5987023205:AAFlvwKv3zD3wQ2CQAewIB6uU95uBQ25ip0/sendMessage?chat_id=5202962680

  • aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3344-9822-0x0000000000400000-0x0000000000412000-memory.dmp
    .exe windows:4 windows x86 arch:x86
