xworm | TestRun[.]exe | Triage

Resubmissions

20-04-2024 15:39

240420-s3xkdscd4t 10

20-04-2024 15:29

240420-sxd6vscb7z 10

Sharing

General

Target

TestRun.exe
Size

56KB
MD5

594c098d8e2cf8fc36669b3398b7bd5a
SHA1

e0cf7de523b55b53ca5881c35090c5106b2041b8
SHA256

06a8d5dde4323a28db52b3932c55c42fa0a9c1c47d4b2a289cf6466b03b3f60b
SHA512

a2febefa9cc0d1b80cc49ffb3b50c2552b2727c826b041c26c35ba31c725d2cd580ab7a9f6260a5cbe568f026080fe77f386403573ef206b3c3ae54ec35771bc
SSDEEP

768:Up3yq/UiGz5EfnLQRySsQLp+pdVQ3apATb9c5h4uaNvjczO5h5tZ2HI:u3yq/dsu/8oSsIp+LVQbb9bLN6O5rb

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

uk2.localto.net:37847

Attributes

Install_directory
%ProgramData%
install_file
Google.exe

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource yara_rule

sample family_xworm
Xworm family
xworm
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

TestRun.exe

Files

TestRun.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ