Behavioral task
behavioral1
Sample
Standlaunchpad.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Standlaunchpad.exe
Resource
win10v2004-20240412-en
General
-
Target
Standlaunchpad.exe
-
Size
110KB
-
MD5
745b7dbdbd6d44cbbd767e5b3335a87a
-
SHA1
9f5d3d1c05d62ffc4cbfcf15bf6e845c41b33737
-
SHA256
96ee8c5eaec36b7ae55733448f42062d2a3b2f4fe2edefc53d5c59d0c603b2ab
-
SHA512
953dec16fa072c62fb6cb93c7f9dd0f99dfc14aec5674c616f38ae583c2d7925f4a0de0f1d27f1a0c8b261d416d51d4a86f7b55af39cec75f8ced255b4a1317c
-
SSDEEP
1536:DkX0MuRJbXxIM2px6EAtcOETYbpY/2WDbhst1L7a8w63JOx81nyynfr:DkLKtx3Ex6YOBbpYOWDbhsLauOxoPr
Malware Config
Extracted
xworm
127.0.0.1:18082
147.185.221.18:18082
tcp://8.tcp.us-cal-1.ngrok.io:18082
-
Install_directory
%Temp%
-
install_file
Stand.exe
-
telegram
https://api.telegram.org/bot6916721041:AAGsGXyaplDWQ9HJlE88Z36KtBFClSB3E20
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Standlaunchpad.exe
Files
-
Standlaunchpad.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ