Overview

overview

10

Static

static

10

2892-39-0x...ry.exe

windows7-x64

2892-39-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    2892-39-0x0000000000400000-0x000000000040E000-memory.dmp

  • Size

    56KB

  • MD5

    d1617dccdad70e8e4ba1b5629cdac696

  • SHA1

    048c2c62436e040dc49c6eac1eb2fa721939b434

  • SHA256

    47b71824ef7616e347fff6bc6693807dc4e0cfd7aa1a53122781a75602df9d7a

  • SHA512

    cb814747c8559743c87d63e56496196e0537bc181712aaa623dc4dff3a9a4302aed486f05d254a8658fa6a4dd61e01e4331d608c259943cb12f33e86c686e4dd

  • SSDEEP

    768:TVa+vNtg+PBy3Tw4e1dVFE9j/OjhJfbk:zvNtgwy3U4epFE9j/OjTA

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

135.224.23.113:5555

Mutex

mR0UgXYus56nykvx

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2892-39-0x0000000000400000-0x000000000040E000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections