Behavioral task
behavioral1
Sample
2852-12-0x0000000000400000-0x0000000000410000-memory.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
2852-12-0x0000000000400000-0x0000000000410000-memory.exe
Resource
win10v2004-20231020-en
General
-
Target
2852-12-0x0000000000400000-0x0000000000410000-memory.dmp
-
Size
64KB
-
MD5
d6c95a71569fcbaea8eac823863f19e0
-
SHA1
572a525748edbc483aec69b8e8351968609d9ac7
-
SHA256
c8801b24e08d60020a530387adebc7ea07de10d32569095d2eed39594a398616
-
SHA512
ac00e57d84e4f543dec5ff1eeff324ff948d24be93a49fbc5ce4dc61d8dd17c91fd75cda2a681b792bf0dd9567a8d752252d96ad4bf76eb9ceba2ba84649cbea
-
SSDEEP
768:BDc35M27/DUkQBQzA/FK9OD36xOMh8QN/:Js5dPmB4EFK9O76xOMGS
Malware Config
Extracted
xworm
5.0
185.222.58.35:4760
bMaRyCcqw3sEDe3P
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2852-12-0x0000000000400000-0x0000000000410000-memory.dmp
Files
-
2852-12-0x0000000000400000-0x0000000000410000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ