Behavioral task
behavioral1
Sample
Discord.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
Discord.exe
Resource
win10v2004-20240412-en
General
-
Target
Discord.exe
-
Size
148KB
-
MD5
93fc7ea878e7064b106d4523933c2af5
-
SHA1
49606faf1859f5fc620da49462a1454387c23333
-
SHA256
5c783017b84a20693aea8d02ac1bad7235c063bcec361d38dea45b9ab4be3395
-
SHA512
ed0e2f31c9849fd8be3d0121410f324a59b90952d3a34f6af56513d9c2840c009ceeb230a21c37eaca7cd7c908ab532eb783d632d711967f74bcedba98339e62
-
SSDEEP
1536:BPkk7Rb5zBeEbkUmwk8td6k/RuTT5cOIWDn07i1He4p:BFRmEbkUfNj/EmOnDmo7
Malware Config
Extracted
xworm
country-depend.gl.at.ply.gg:38853
-
Install_directory
%Userprofile%
-
install_file
discord.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Discord.exe
Files
-
Discord.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ