xworm | ratnik[.]exe | Triage

Sharing

General

Target

ratnik.exe
Size

45KB
MD5

7231b2a0a169da84d820dfea66118854
SHA1

74fbc5e7f97b1e8414206b0c65765ee7bd49db3d
SHA256

35b04c5168f0e1c8a1659cd133292b0a01895d876696a6c8ae331e656cd642e6
SHA512

ae3320dde04cde11ff0826794e47cf5de3c46efbafdedab8ebfe220fb1b55c3d89cdbdebbd9740aad623c52b1b47d2f607b100fccb0c42a3df8745de58649504
SSDEEP

768:pC9Layfh9cDffRE+nga/kbGia8pqO4hPcKBx93:s7f7cDXq0pkbGrPO4iixd

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:36314

categories-worry.gl.at.ply.gg:36314

Attributes

Install_directory
%Temp%
install_file
Компоненты Windows.exe
telegram
https://api.telegram.org/bot7197198200:AAEjQTAbaTDR6QznHqypKDH6Sh_TJeljGaI/sendMessage?chat_id=1347610390

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ratnik.exe

Files

ratnik.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ