Characteristics
| Hash | Hash Value |
|---|---|
| MD5 | 9d0dffd34d742cf7979ff01ba1b8030c |
| Sha1 | 48f8f46e4b1d49deb5d0bab8a25befc11d0c1ca2 |
| Sha256 | 64aed0731939b7efb3032ad834d794151c8821e3afb7af034bd70236c71feb3c |
| Sha384 | 8737bbef332b4f091be545527dc81f1dcb2ffac11187084ca5855c7e3146718be0cf28773271c9d35784b17a54d6a8bf |
| Sha512 | 798ade31b2585586e46640cca2691956d9fff9eb7878a350a6f590cb1ab25cf0b2324e1588bbe7fae9dbbe8b43e266b84b663d93926f31426e5d33fa67492f07 |
| SSDeep | 768:GjJOtzkyqyihfffoEgw7OFPhvtM0h/Osp4z2/fbLAEj9xN4Fy:Ym5ihfffMw7OjvtMGLAA9xf |
| TLSH | BF134B335923FDD1B77E2D84F9503D511C59782B87A8D2B8BBC8095E34B24A4DE1ACB4 |
File Structure
9d0dffd34d742cf7979ff01ba1b8030c
Malicious
[Base64-Block @0x00000000]
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - XWorm config.
| Config. Field | Value |
|---|---|
| Mutex | BR0Dv2DkRnueKuWZ |
| Hosts | 21.tcp.vip.cpolar.cn |
| Port | 12208 |
| KEY | <Xwormmm> |
| USBNM | 222332 |
| family | xworm |
Artefacts
| Name | Value |
|---|---|
| Mutex | BR0Dv2DkRnueKuWZ |
| CnC | 21.tcp.vip.cpolar.cn |
| Port | 12208 |
9d0dffd34d742cf7979ff01ba1b8030c (41.64 KB)
Artefacts
| Name | Value | Location |
|---|---|---|
| Mutex | BR0Dv2DkRnueKuWZ (Malicious) | 9d0dffd34d742cf7979ff01ba1b8030c > [Base64-Block @0x00000000] |
| CnC | 21.tcp.vip.cpolar.cn (Malicious) | 9d0dffd34d742cf7979ff01ba1b8030c > [Base64-Block @0x00000000] |
| Port | 12208 (Malicious) | 9d0dffd34d742cf7979ff01ba1b8030c > [Base64-Block @0x00000000] |