xworm | 3b566eacecc241ef8de81e7bb57720f8f538a169597ecebb6747305cf33e2657

General

Target

3b566eacecc241ef8de81e7bb57720f8f538a169597ecebb6747305cf33e2657
Size

18KB
MD5

ccfac62b952a8d263718b2f0ef5cd063
SHA1

4677ce0fd9949772c0b293d636dc8e192739876c
SHA256

3b566eacecc241ef8de81e7bb57720f8f538a169597ecebb6747305cf33e2657
SHA512

1438e370893346fc8ed0c566bb8285b53365bc82149972e2594c22213b0a26f37cdbcc78f03cdf17248719b762029a0fe88cf9a2fcbb598681bb93541837793b
SSDEEP

384:CW6u3+J39dwruwsS8rxKHGgPcglH2m8o8e9V01XZrIOEa5LM:N6u3Kfwt8dcRc4yaV01XZ3U

Score

10^/10

xworm

Family

xworm

Version

5.0

C2

137.184.9.205:7000

Mutex

OaAcKYAEIbGGlgzJ

Attributes

install_file
USB.exe
telegram
https://api.telegram.org/bot6567817661:AAEPVH8mr4mtxVjaqzlho_8xxGuixiJIukE

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/7f52c7211cbc86a61f10853d66f34a22c61cc306f706e62d25b19d6ffa1418e8.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7f52c7211cbc86a61f10853d66f34a22c61cc306f706e62d25b19d6ffa1418e8.exe

3b566eacecc241ef8de81e7bb57720f8f538a169597ecebb6747305cf33e2657
.zip

Password: infected
7f52c7211cbc86a61f10853d66f34a22c61cc306f706e62d25b19d6ffa1418e8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ