General

  • Target

    3024-7-0x0000000000400000-0x000000000041C000-memory.dmp

  • Size

    112KB

  • MD5

    961b888b3e4ac7a62ca8bf9f42000b51

  • SHA1

    20ae46e981c0d51b69d25fc144f84ffc342bec38

  • SHA256

    9f01eb129e9c8e49143b3e431d07494ea9f11ea6dc7bf69d494aba16101b07f2

  • SHA512

    75bb0b312b2cf57479675434bb0c2365991e6c2901c71d14282ae3a52475242cf0f07d9aa144a425c4ddf23aed7258c026880615516b28d4d7739013b8ad37ee

  • SSDEEP

    1536:67mW/PHFPZnnBT++3PVfVEdxwJbozmSHaB6h4z6hOwO9SK01Klz6m:67lPHXnBTpPVfVyeJbDLB6hfO3uqGm

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

rwanco.duckdns.org:1556

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3024-7-0x0000000000400000-0x000000000041C000-memory.dmp
    .exe windows:4 windows x86 arch:x86

