Behavioral task: behavioral1
Sample: fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe
Resource: win10v2004-20240412-en
General
Target: e46d80f1b4a81c1aaafdda010b0db0eca9c0957a1a3990671d583247d33371ff
Size: 16KB
MD5: c3820a85f18413b82d3f0fa5992d2d5b
SHA1: f2c0d39519bc1c5396476b76d4e7b23f5476253f
SHA256: e46d80f1b4a81c1aaafdda010b0db0eca9c0957a1a3990671d583247d33371ff
SHA512: d1843399af8cf8e08d644eee8f7bd36ec9fe5449f234e619b9d1529c282bfaccaac3b4808f12f7b34d00b937b174c480a6e73af0331261f3848e40eceaeb3626
SSDEEP: 384:TX5o2P4X1U8FMePOr+VZGVubTEQ7gvEwGDJ/1jrTZu5:TX5nWXRAIUOTEDvEZhtx2
Malware Config
Extracted
xworm
3.1
dzn.ddns.net:5552
mT1l25650AkcpwGy
Install_directory: %Temp%
install_file: USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe
Files
-
e46d80f1b4a81c1aaafdda010b0db0eca9c0957a1a3990671d583247d33371ff.zip
Password: infected
-
fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ