General
Target: hjghfggfghfgfhnt.exe
Size: 86KB
MD5: e8aab9a49c8f964ccee3d26f5e31cf40
SHA1: bef1609695d579e20f19ddc32f4c05b87e0593be
SHA256: 4b99c9ec06743b0551c1f69464d884c9a350dd3efbe4a9e4c2f7f637ee4fd130
SHA512: e165d1ebdfb85635907a84474fc64f3d4f6f9e1953522018de7c1a8876655a3c2e273e526b6f1ec49df337be5971d91870ba47ac574a6ee1fe6241273c3b1dc9
SSDEEP: 1536:rt3Jw1XYk6zvWK8m/bgiRBkL+QafT6F4mOduPSVKEl:rt3Jw9G4kbgWk6Qx4mOduPwl
Malware Config
Extracted
xworm
0.tcp.eu.ngrok.io:38479
7.tcp.eu.ngrok.io:38479
europe-stainless.gl.at.ply.gg:38479
Install_directory: %AppData%
install_file: USB.exe
Signatures
Detect Xworm Payload (1 IoCs)
resource: sample, yara_rule: family_xworm
Xworm family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: hjghfggfghfgfhnt.exe
Files
hjghfggfghfgfhnt.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ