xworm | Delta X[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Delta X.exe
Size

75KB
MD5

e01d6bce8512efd791dc00b95c2bacce
SHA1

ea7aca74715a3e03f85929a740b13cac526921a1
SHA256

8370baeb69b316cddd1791324d0e2aa32ffafb6c87ba49e85d023534334c267f
SHA512

4f9e7d2af70884f94e9ab8ce233000b799362b47fb6e995060916032d0d737449ad876e40f7336034007e3e40212d216313a00117063f372bc8c1fd0f1889535
SSDEEP

1536:h34dG9KOBFxQC+pnP0ob4ADb064jOG/qB8PUxMi:x4U9fd+pP0ob43jOG/qcUKi

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

social-river.gl.at.ply.gg:21107

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Delta X.exe

Files

Delta X.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ