xworm | 714db01a552c020e37e43d0aa65bad72e093ba29f6beab0cfcce91adb8f2fed6

General

Target

714db01a552c020e37e43d0aa65bad72e093ba29f6beab0cfcce91adb8f2fed6
Size

19KB
MD5

dd890d9f002368a849cba280c5404253
SHA1

25830479a62be09da467744a9068516811b42d68
SHA256

714db01a552c020e37e43d0aa65bad72e093ba29f6beab0cfcce91adb8f2fed6
SHA512

4c41a51528a91c317e64d5e9a9b8588d53b09b209df441a46a141af79383a05dc9b8fd23497fb8185a8f5ad5205d8359a5d9ce30d32bbc4df2cbed59803d4680
SSDEEP

384:5otuazR/cky8ZGSKDEj6NZZYE4uEZaC3pQSfQHKdnYURRJIr:5ooo/NDKDEm/OZo4oqd5E

Score

10^/10

xworm

Family

xworm

Version

5.0

C2

146.190.57.132:7000

Mutex

yEtoOOkMHyHVNzkF

Attributes

Install_directory
%AppData%
install_file
system.exe
telegram
https://api.telegram.org/bot6491699241:AAEzWMqxLHLa_DADVhFrtpk__NqYBpyS7tI/sendMessage?chat_id=6432387334

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/becad0348a4608bacdecee2065f256e6add2588486db1ae6e0ed735464d3c7db.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/becad0348a4608bacdecee2065f256e6add2588486db1ae6e0ed735464d3c7db.exe

714db01a552c020e37e43d0aa65bad72e093ba29f6beab0cfcce91adb8f2fed6
.zip

Password: infected
becad0348a4608bacdecee2065f256e6add2588486db1ae6e0ed735464d3c7db.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ