Overview

overview

10

Static

static

10

2168-1111-...ry.exe

windows7-x64

2168-1111-...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2168-1111-0x0000000000400000-0x0000000000410000-memory.dmp

  • Size

    64KB

  • MD5

    6842f41ec3e34c3be3951ad4639a2aa3

  • SHA1

    bd5855d63b34b5cee4f6a882342e962c388a74fa

  • SHA256

    a48ef28827a4c6b22fba234a817a24da790ef9d1b935757884a207c9b124dbee

  • SHA512

    f7cb59b3f0180c70c8f13daf31f29c74cd7abe931296d4d23997b4c70072457d7aad291db3540e0849f487f3fc3a0277598f38df25f93aaa7b8678884224e1a2

  • SSDEEP

    768:XCD9VrHOxrcAz7uByVf5E23F/9LqOBhS5:XG9V4yyN5EeF/9LqOBw

Score
10/10
xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:8895

162.230.48.189:8895
Mutex

ZRGtN7NDh24Vx89x

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
    xworm
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2168-1111-0x0000000000400000-0x0000000000410000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections