Behavioral task
behavioral1
Sample
4b9d898379e5dd1d260c1706aa04aa8270994835a523bb83695062d92c830311.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4b9d898379e5dd1d260c1706aa04aa8270994835a523bb83695062d92c830311.exe
Resource
win10v2004-20240226-en
General
-
Target
4b9d898379e5dd1d260c1706aa04aa8270994835a523bb83695062d92c830311.zip
-
Size
43KB
-
MD5
195de2544c3e8f91d5002594d02141a9
-
SHA1
389c5300b583d2deb3bab2498a48838d7759a114
-
SHA256
c9419a3e2b0ce74b0431d1af2afca5a416eb8f91a43b64832cfab1e8c2f815e1
-
SHA512
92b00dce3a4639346a76dfe07c629ca3ffe8e67c5b230316da2fd3d640d4ebe06a571b086cab2cdd05894d08c84093a1912862d64ddaa93c879e0b353920b01e
-
SSDEEP
768:H3bDtOjSKmJSAqSqpFYql3r6EV6H3NChM3gL/AFz/9CrAqlBvgg:XNYSKlUqfQO6H3ohbLYFz1qBvgg
Malware Config
Extracted
xworm
involved-hurt.gl.at.ply.gg:35238
-
Install_directory
%LocalAppData%
-
install_file
WindowsHealthSystem.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule static1/unpack001/4b9d898379e5dd1d260c1706aa04aa8270994835a523bb83695062d92c830311.exe family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/4b9d898379e5dd1d260c1706aa04aa8270994835a523bb83695062d92c830311.exe
Files
-
4b9d898379e5dd1d260c1706aa04aa8270994835a523bb83695062d92c830311.zip.zip
Password: infected
-
4b9d898379e5dd1d260c1706aa04aa8270994835a523bb83695062d92c830311.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ