xworm | 07052024_0858_dl3ocr[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07052024_0858_dl3ocr.zip
Size

46KB
MD5

6823c2c5be196a325a0cda726eacfd46
SHA1

17730b344a75b9ca6b045bf44415f613058c785d
SHA256

625915ca350a12b64120a3d3490d2a0af4c78be4af8222fa75ad7d475b8638b3
SHA512

fb7334a14d0da68b511d525a0b618731781d4789d7842a7ac4cdaa46a394fd7e93892ea31d1a63d0b909689111c78231b1b9f92c4eedee233974c388584afa63
SSDEEP

768:grcIZ6jtd2sRW57DRfQOBH/ElX5VgVBrqJsxYGVRWBzBs8Fxkprfamy3d9dFgjsz:gIIZ6RRyQEfElX5cBGtoOSFA3nsYz

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

kandrlnc.com:7000

Attributes

Install_directory
%AppData%
install_file
exploirer.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/exploirer.exe	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/exploirer.exe

Files

07052024_0858_dl3ocr.zip
.zip

Password: infected
exploirer.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ