xworm | Debugger[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Debugger.exe
Size

243KB
MD5

3b7024853fde6fea3e0a807ae47b5352
SHA1

0c7396de2f267668bc70c75ba3a5d7c6b2baa95b
SHA256

c2dd7f4af7aec94a946e8e7694ee0308454df6120fc7db12ee09795b11e88412
SHA512

c346e0ec763bc42a1a85eba620a4945910690d40f953cb8aa4b0176658801ac7b5bc53acc3f6223afcc03e26802bfc26dbc02bc5018ecd8b833637c8f66932e9
SSDEEP

3072:a2jm8sBtsbx/IOi9GlXmNJOQ9QJDWdM3wrkBM5E31w+9/g4miwFrDQHn7aCHksJ/:jlsPsbmOf0xhuMieRNQHeC4z

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

cell-couple.gl.at.ply.gg:58154

Attributes

Install_directory
%ProgramData%
install_file
XClient.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Debugger.exe

Files

Debugger.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ