General

  • Target

    3556-1-0x0000000000400000-0x0000000000410000-memory.dmp

  • Size

    64KB

  • MD5

    9a1960bf6c9d116bb4b85c64320b20fb

  • SHA1

    ef8f80dbf72c9d4f102f934cee3e67f90e73c654

  • SHA256

    86e6db71fe3a9cc3df771fe86662409a86a31640a0d8459f7e3a10bf85ca1fa2

  • SHA512

    c85070185559bdd0ef56bffc8f632441f61fc271d194ae044d1f58776ccce8460125515520e18ca99c0e0de408e6869b4befa875a35052e084e18dabb635e92c

  • SSDEEP

    768:zOMoF7iVABMoKw9v8WXXPA8njc9Fg94jO/hI/6+yV:ziF76kMoKwlFPA8neFg94jO/6y+Q

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

husktools.duckdns.org:7000

Mutex

9W5nR6YNY2Cs1cQg

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    XClient.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3556-1-0x0000000000400000-0x0000000000410000-memory.dmp
    .exe windows:4 windows x86 arch:x86

