xworm | 68850[.]exe | Triage

Sharing

General

Target

68850.exe
Size

208KB
MD5

7e2be4ac04d8f56473499eac3a10fb34
SHA1

6b66e9aa00599415a1c52bee0c723d0728e50900
SHA256

ec6a6aa9a75e81c6069edc6bd5e246062ae923348d7c2221eb5f8fa3f59b63a8
SHA512

3ec7f182965a82c61d7af2e5579940ec0a47a49c233f493210ca5bf700d43e3d0880418a093c5939ec89b0bd076aaa00ba798c07d5fc08d55ba7704339ba8e0e
SSDEEP

3072:GxMFw9diyOCJ/8SKfbzxcwg7es6/Vsb8VKTup49oJMfF/H9N3Ky9NzLny:Gx2w9ouUhcX7elbKTuq9bfF/H9d9n

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

6.tcp.eu.ngrok.io:18052

Mutex

hMwsB2Kl8eJNYZZz

Attributes

install_file
USB.exe

aes.plain

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68850.exe

Files

68850.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ