xworm | UniversalLoader[.]rar | Triage

Resubmissions

12/11/2023, 02:02

231112-cf99zacd5y 7

Sharing

General

Target

UniversalLoader.rar
Size

30KB
MD5

c21140fa080e813d76ca28ce5abd131d
SHA1

48de3aaf2cca509bdaec4adddde3b8f25fff2a16
SHA256

1356ecbb0642004605deb3b062baed650a29c08e0d444dd66a1abcc29fd1271a
SHA512

5ec54b3be7577655dd5b59f62fe685fc934023521fbd5654d2d7a3f57c43025310a255012fb45adedb1df0827788ec04e5e95ccdfcb5e600141af918f6834dc3
SSDEEP

768:P2bjJjnIT3bOHnNpJMljEGAYJ2wee+CwEU2xblum+G:PSjaT3bOHWlqEHeUblum+G

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

147.185.221.16:48777

Attributes

Install_directory
%AppData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/UniversalLoader/UniversalLoader.exe	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UniversalLoader/UniversalLoader.exe

Files

UniversalLoader.rar
.rar

Password: 1
UniversalLoader/UniversalLoader.exe
.exe windows:4 windows x86 arch:x86

Password: 1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ