xworm | Bot[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Bot.rar
Size

75KB
MD5

5b2f229e3fba54e14d4c04bcc656fe29
SHA1

6f6eebaf896194d25ca37dbd378b188333547715
SHA256

a0d0729cace8387385c3b792eeb88330de56cc94eeff42bf03bde5b4aae89b43
SHA512

adbdf0b794077d11dad653785b61e1d0c965d777a090507a913eaba820bf27f4b975a34791b0d0bfa7b7a3849242beb6e9307d0694c27f142f2169f75566dad2
SSDEEP

1536:cyNK5kbEqMJbdm+DSRxdJfF7lShyn/6YbJl6hxwxeG3Zng:FU5kbFMpk+DoxdJd7lShyn/Bv6hNG3C

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

95.214.26.78:5566

Attributes

install_file
USB.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bot/Crypter.exe

Files

Bot.rar
.rar
Bot/Assembler/GUIDE.txt
Bot/Assembler/README.md
Bot/Assembler/assembler.py
Bot/Assembler/examples/code.txt
Bot/Assembler/examples/code2.txt
Bot/Assembler/examples/code3.txt
Bot/Assembler/examples/code4.txt
Bot/Assembler/examples/test.txt
Bot/Assembler/requirements.txt
Bot/Crypter.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bot/Tutorial.txt