xworm | 9bf284641526091a6f26f19713272e53[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9bf284641526091a6f26f19713272e53.bin
Size

17KB
MD5

b64fa9b0dc6447817c0e9c129c5b6445
SHA1

b5e0ee198b502eca998440b7b1c597afa2e9fbad
SHA256

305973ab851f791afa5daea39402d9ddc34804ae1a75fc098b39c394ed5a925a
SHA512

1c51d4cf02d2f3ec02559d7708cb89f1ab1ea6f4b720eddf0f1e7bac1db30259d4123dff04f06a6b37d615779a4e77f33c4940428fadf51d7692e9d1a426b865
SSDEEP

384:JY3mbkkiFt7/fEDdXcM6BztlzT4VzDsiCaYNvXF1:ambM7/fER6Bz74VfNrGF1

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

2.2

C2

androidmedallo.duckdns.org:7080

Mutex

EmTa4G6iSZW4NW9k

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/853141ecab59614b4bd0e5ecd204a79e5856cd2aaa8464a6084b4c1ba2960610.exe	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/853141ecab59614b4bd0e5ecd204a79e5856cd2aaa8464a6084b4c1ba2960610.exe

Files

9bf284641526091a6f26f19713272e53.bin
.zip

Password: infected
853141ecab59614b4bd0e5ecd204a79e5856cd2aaa8464a6084b4c1ba2960610.exe
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ