xworm | 371d449863d10d5108469abec7c545dfc618d519fb609266598d149d5a78bb73

General

Target

371d449863d10d5108469abec7c545dfc618d519fb609266598d149d5a78bb73
Size

18KB
MD5

fd30e3f2d25b8655511a7f5f97ccd01e
SHA1

2ee251515117d0191362daeccbdc8d1c46d9d97b
SHA256

371d449863d10d5108469abec7c545dfc618d519fb609266598d149d5a78bb73
SHA512

098fd8c5178b85dc05fdf27a542cfaa52b51261ce31064fe01a5000b4f2259e78392c9bbabd37aebf1997d6e22c6eef10e902f8a9086caaa24df44e21a4d25fa
SSDEEP

384:oV5KASu+3MFqxsYAbY//H2TPj2kkf6E+sOhVK04/6PmWtoNb5yQuWvRWYwen:oV5KASun1YAbD7qZXehYJ/SmWtoN9Tv5

Score

10^/10

xworm

Family

xworm

Version

5.0

C2

137.184.9.205:7000

Mutex

bV5QPxwLtEpuTDDi

Attributes

install_file
USB.exe
telegram
https://api.telegram.org/bot6567817661:AAEPVH8mr4mtxVjaqzlho_8xxGuixiJIukE

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/0ba64202181094b72f8db073c627de074bd18ef9f977d42e12de6d6478ff283d.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0ba64202181094b72f8db073c627de074bd18ef9f977d42e12de6d6478ff283d.exe

371d449863d10d5108469abec7c545dfc618d519fb609266598d149d5a78bb73
.zip

Password: infected
0ba64202181094b72f8db073c627de074bd18ef9f977d42e12de6d6478ff283d.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ