General
-
Target
2136-7-0x0000000000400000-0x0000000000410000-memory.dmp
-
Size
64KB
-
MD5
3736efe2dfa983ebe14c92dd6aa5746d
-
SHA1
8f34ebb28cc04f03f2fae71290dd3b01756a9715
-
SHA256
1efa1cdc6bb25b56d5956391a788d16b15f8e7aaa9417bc2de365e96b632b190
-
SHA512
16245ee579d180196c0938b4c3607c6709e2e54677dc3ccf471ee9195e046d2c6bab90b241a375297a2547cd3e60225622ea7a8d33c10d3d3e0ab96d133a7316
-
SSDEEP
768:k/TWGACKwel4WAPFahq5RFq9fRJN6sOMh8Amn:k/dl64WIuqzFq9fRJN6sOMih
Score
10/10
Malware Config
Extracted
Family
xworm
Version
3.1
C2
kanrplest.duckdns.org:4068
Mutex
TdUxMCK2FUdy51AH
Attributes
-
Install_directory
%AppData%
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2136-7-0x0000000000400000-0x0000000000410000-memory.dmp
Headers
Sections