xworm | obXClient[.]exe | Triage

Sharing

General

Target

obXClient.exe
Size

64KB
MD5

591e9953e62a79303811c9ca80191df9
SHA1

387c087dc56454635de1ee1a3ba9697d8709ad84
SHA256

19484f6840c4f4c21598d7345218eaeb1c85e3ccfaf347c998b4fb83dd8cb08c
SHA512

88b25f3b6421e2e9c9c48ce0a9d4303b25f8d9946a937fcae072d9b2e55b85a42f502acaa0d6d1700e42e93c063a67cf5bfb8589a3784a8f8c5c5858fe83883b
SSDEEP

1536:1BNwbm2OEanmWH79J0ZAFHQpvtbkbYNoTFW1XwO9Hno:1BNwbTkff0i4kbYKQXwO9no

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

139.180.188.91:7000

Attributes

Install_directory
%AppData%
install_file
data33561.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
obXClient.exe

Files

obXClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ