xworm | тестовая[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

тестовая.exe
Size

70KB
MD5

74cd844d8be6f0e80742297b8925df1d
SHA1

461aabcd70b767f4552152d7ffdb82522a933876
SHA256

c2458237367f63da26be099bc8509cae9df5645896b902f3db6412e7f5e5fdcf
SHA512

26c4a06073afa2cd3015ecdfe43cf087e9403e9672a3931b48e37fa04e7704a8cfc5a2d12ff693e712f715cf170c8b7af3c97080c4a9ca3153eac13dd4803a00
SSDEEP

1536:HHkZLD5B0+Xl6rar/s+Qb9p0OMRY9bBRQrOXp50CsDrRQ:HElDj3crar0+Qb9p0O19bLQrOXp50CeC

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

18.ip.gl.ply.gg:20674

Attributes

Install_directory
%AppData%
install_file
system32.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
тестовая.exe

Files

тестовая.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ