xworm | 2ac73904132efc341bf9a6f37700886d212dcfb3de14036879e37c1415ca2152

General

Target

2ac73904132efc341bf9a6f37700886d212dcfb3de14036879e37c1415ca2152
Size

16KB
MD5

8750254f71a5dc2d9ea58dc0a6203de2
SHA1

d9523a9f66a4db8d214b9ec4c3cffba06274f558
SHA256

2ac73904132efc341bf9a6f37700886d212dcfb3de14036879e37c1415ca2152
SHA512

889b8f5b026e44ae1496a75562af5a04523450249298d245259933a96bd9d5cabfe06f76bad0e5271d7855a48792ba5cb98d7162b11ff77af929593a4c235891
SSDEEP

384:vRz6q9Z7Wlf73UqBqD9DyA/LabFA0Y4xfsuzG3jjMu:Jz6uCV3BOFyADup/UuzG3Pj

Score

10^/10

xworm

Family

xworm

Version

5.0

C2

147.182.238.227:7000

Mutex

Z986h2kJmww7Rway

Attributes

install_file
USB.exe
telegram
https://api.telegram.org/bot6491699241:AAEzWMqxLHLa_DADVhFrtpk__NqYBpyS7tI/sendMessage?chat_id=6432387334

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/74f3ef3a28941ab263893623da14b9703d3690f9ac9344c225427f3a2deaff7c.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/74f3ef3a28941ab263893623da14b9703d3690f9ac9344c225427f3a2deaff7c.exe

2ac73904132efc341bf9a6f37700886d212dcfb3de14036879e37c1415ca2152
.zip

Password: infected
74f3ef3a28941ab263893623da14b9703d3690f9ac9344c225427f3a2deaff7c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ