General

  • Target

    2776-37-0x0000000000B90000-0x0000000000BA2000-memory.dmp

  • Size

    72KB

  • MD5

    0f8c573a94320cc5d3521ce87507f206

  • SHA1

    dac0db2b88374d0aaa8a6e7eb02405777f78f27f

  • SHA256

    2a037fcf8b6586273c9b9264c95a346091b4f503ac16da177ac965102849b30a

  • SHA512

    61667f915cf665e3c0071fdfa1d682aee465920b2231b57cbdddf0f8bf214cdefdd8f310b14e4189de1b4f7d1b0bf17580456bd5a3bb346363111de3f8b95185

  • SSDEEP

    384:j/ixLdTHZGdG/lYbgZrExLM/mZ4+11FILihivQ7pkFMAMiLTg9ZZwd/mVvNVqEs2:7QPcGtpE9M/XAFHhIRFe9/4OChkiXI

Score

10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

146.190.29.250:7812

165.227.91.90:7812

167.99.94.206:7812

Mutex

4chIqEbR5Rq6U6EI

Attributes

  • Install_directory

    %AppData%

  • install_file

    Windows Defender Service Host.exe

  • telegram

    https://api.telegram.org/bot7074211690:AAFHdtGIEk1j3FpHjh6_p8Xjh9rfZDo4uSc/sendMessage?chat_id=6291749148

  • aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2776-37-0x0000000000B90000-0x0000000000BA2000-memory.dmp
    .exe windows:4 windows x86 arch:x86