Overview

overview

10

Static

static

10

2776-37-0x...ry.exe

windows7-x64

2776-37-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2776-37-0x0000000000B90000-0x0000000000BA2000-memory.dmp

  • Size

    72KB

  • Sample

    241102-st556sxmhx

  • MD5

    0f8c573a94320cc5d3521ce87507f206

  • SHA1

    dac0db2b88374d0aaa8a6e7eb02405777f78f27f

  • SHA256

    2a037fcf8b6586273c9b9264c95a346091b4f503ac16da177ac965102849b30a

  • SHA512

    61667f915cf665e3c0071fdfa1d682aee465920b2231b57cbdddf0f8bf214cdefdd8f310b14e4189de1b4f7d1b0bf17580456bd5a3bb346363111de3f8b95185

  • SSDEEP

    384:j/ixLdTHZGdG/lYbgZrExLM/mZ4+11FILihivQ7pkFMAMiLTg9ZZwd/mVvNVqEs2:7QPcGtpE9M/XAFHhIRFe9/4OChkiXI

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

146.190.29.250:7812

165.227.91.90:7812

167.99.94.206:7812
Mutex

4chIqEbR5Rq6U6EI

Attributes
  • Install_directory

    %AppData%

  • install_file

    Windows Defender Service Host.exe

  • telegram

    https://api.telegram.org/bot7074211690:AAFHdtGIEk1j3FpHjh6_p8Xjh9rfZDo4uSc/sendMessage?chat_id=6291749148

aes.plain

Targets

    • Target

      2776-37-0x0000000000B90000-0x0000000000BA2000-memory.dmp

    • Size

      72KB

    • MD5

      0f8c573a94320cc5d3521ce87507f206

    • SHA1

      dac0db2b88374d0aaa8a6e7eb02405777f78f27f

    • SHA256

      2a037fcf8b6586273c9b9264c95a346091b4f503ac16da177ac965102849b30a

    • SHA512

      61667f915cf665e3c0071fdfa1d682aee465920b2231b57cbdddf0f8bf214cdefdd8f310b14e4189de1b4f7d1b0bf17580456bd5a3bb346363111de3f8b95185

    • SSDEEP

      384:j/ixLdTHZGdG/lYbgZrExLM/mZ4+11FILihivQ7pkFMAMiLTg9ZZwd/mVvNVqEs2:7QPcGtpE9M/XAFHhIRFe9/4OChkiXI

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks