General
-
Target
2860-30-0x0000000000400000-0x0000000000410000-memory.dmp
-
Size
64KB
-
MD5
b9f893313ed98f5d71d999545f2b4165
-
SHA1
111820c68c34d2e12d29464b5c06f2f6c8ca24a7
-
SHA256
6eb247703ef7b49edd27ec40331cea0639b33ae97e718e1476d8f11cd43976a8
-
SHA512
8c8102db273d0cdbf72d3d8647a8e332de168c7dffc5679d1fde8ab91cbb7c81bd86c945ec895064fa502291adc4fdf57cea72575e079410a1c8e6790c40b5fa
-
SSDEEP
768:qeXVTtArkSgQ6gGJNF+qwSXI5FJ935OO+hKFu3:qoTerkSbW7nGFJ935OO+sE3
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
various-wages.gl.at.ply.gg:55202
Mutex
lsODhik7XANOkJAK
Attributes
-
install_file
USB.exe
-
telegram
https://api.telegram.org/bot7503421576:AAFe-HqEJI6A9e-kdWp8RSPiI27fCE4Lw2Q/sendMessage?chat_id=985088883
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2860-30-0x0000000000400000-0x0000000000410000-memory.dmp
Headers
Sections