xworm | Celex[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Celex.exe
Size

54KB
MD5

55ae54fb79ab10dc8db04324bd273be1
SHA1

84b5be3c349b5101e50f484956ac58cea5c61447
SHA256

da063485a63cf0ff0965c7f24620b9ea5e0fc497ab00ffff0c33914260651894
SHA512

02e8f991712ce61dbad07a5de84e68bdda28670c9190f4dbc30e857f701209876e9c0147f81d683bec3360ee5139c469961e4981084c9049b389537e07f43a0a
SSDEEP

768:nQ3CeetEnnNV0x3nWVnO/kbe4VltwCjFuOschEfkMm:nQ3Cnanb0JnW8kbe4V/cOVafhm

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

model-gardening.gl.at.ply.gg:23142

Attributes

Install_directory
%Temp%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Celex.exe

Files

Celex.exe
.exe windows:4 windows x86 arch:x86

Password: fsgagaehgaehfsgagaehgaehfsgagaehgaehfsgagaehgaehfsgagaehgaeh

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ