xworm | Hello Kitty Cafe[.]exe | Triage

Resubmissions

06/05/2023, 09:06

230506-k29vbsah6s 10

03/05/2023, 09:41

230503-ln5h5aeb78 10

Sharing

Copy URL Twitter E-mail

General

Target

Hello Kitty Cafe.exe
Size

92KB
MD5

0c4f8076b691bd6ba72dc537f543f4b4
SHA1

1220caf36fee7d9799945988d9e05210be7ddc48
SHA256

1d7162966ed6dad053e3a3a049e510a7f20ab3ed8d7bb4634203e887aa54e6bd
SHA512

fc8d50d8c61595c8bc943dba004f8289aca490150db2b7ac09130429f80293b5b06366771da6ba6ad7dd282000af6f730876c56ace516bf56498e890dbbaa785
SSDEEP

1536:wUCFMswYMIJDAz86I1CPKcyb0D3yRzjMbtT27t0e69iONg/JJIApFBF5XaR6uRsI:OFMswYMIJ+K/DAyBMbtTYciONg/bIA/i

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

192.168.1.101:3724

Attributes

install_file
USB.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Hello Kitty Cafe.exe

Files

Hello Kitty Cafe.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ