xworm | hjghfggfghfgfhnt[.]exe | Triage

Sharing

General

Target

hjghfggfghfgfhnt.exe
Size

86KB
MD5

e8aab9a49c8f964ccee3d26f5e31cf40
SHA1

bef1609695d579e20f19ddc32f4c05b87e0593be
SHA256

4b99c9ec06743b0551c1f69464d884c9a350dd3efbe4a9e4c2f7f637ee4fd130
SHA512

e165d1ebdfb85635907a84474fc64f3d4f6f9e1953522018de7c1a8876655a3c2e273e526b6f1ec49df337be5971d91870ba47ac574a6ee1fe6241273c3b1dc9
SSDEEP

1536:rt3Jw1XYk6zvWK8m/bgiRBkL+QafT6F4mOduPSVKEl:rt3Jw9G4kbgWk6Qx4mOduPwl

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

0.tcp.eu.ngrok.io:38479

7.tcp.eu.ngrok.io:38479

europe-stainless.gl.at.ply.gg:38479

Attributes

Install_directory
%AppData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource yara_rule

sample family_xworm
Xworm family
xworm
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

hjghfggfghfgfhnt.exe

Files

hjghfggfghfgfhnt.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ