xworm | nova x[.]exe | Triage

Resubmissions

27/11/2023, 03:00

231127-dhe3aaea25 10

27/11/2023, 02:48

231127-dalvvsdh63 10

Sharing

Copy URL Twitter E-mail

General

Target

nova x.exe
Size

69KB
MD5

7013b2cf7b9e6b218228bc83f8076634
SHA1

dcffcb6cd6be6600af079915907f26ca69a86ebe
SHA256

87e5989e53f24e977c320ff6bfcb3db68718918c94df24ce1f44ac7b5b899db6
SHA512

5e6d969b67ca5d22bf901753cda2eab633502e4f981a88b487bf5c040eeae37ab10a5aa8a40823dd890e17406b6ec363293021f04ee43d713182925d83428422
SSDEEP

1536:IYp824aaGZcs+JSw4L5apbBHxZKUaF6v/OWlQEdea:j824OZZ+JSw4L0pbBOBm/OW1wa

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

team-eagle.gl.at.ply.gg:30728

Attributes

Install_directory
%ProgramData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nova x.exe

Files

nova x.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ