General

  • Target

    2832-23-0x0000000000400000-0x0000000000412000-memory.dmp

  • Size

    72KB

  • MD5

    7392f79f184d419165b09dfee90ee581

  • SHA1

    7367650919732e252d105b22bcfdec0ea6611bf2

  • SHA256

    138f245d10982872eada925b7f35fef6172b425139e3b147af013a2b4ae4c13e

  • SHA512

    2e53b414a99eb50540bc4b50a8fd455b7983ab657590370ecab82b3981e0ddca6bf1552a1f8c5057ebc2967db894e1bdd32a5b92f377af486ec2f1fb7b6f1056

  • SSDEEP

    768:kPSPVmqBV0bdIPFOkFWb9KX3XOohw0aiMU:2C0bdIFy9KX3XOo2RU

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

as525795.duckdns.org:6980

194.37.97.150:6980

Mutex

wtYmVE2WY2XGhWlO

Attributes
  • install_file

    adobe.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2832-23-0x0000000000400000-0x0000000000412000-memory.dmp
    .exe windows:4 windows x86 arch:x86

