xworm | 73309cc961f9645c1c2562ffcdc2dab1[.]exe | Triage

Sharing

General

Target

73309cc961f9645c1c2562ffcdc2dab1.exe
Size

199KB
MD5

73309cc961f9645c1c2562ffcdc2dab1
SHA1

6a8545c08c931e016198c80b304ade1c1e8f7a17
SHA256

287e94024ef4ea0f1d9aad740b75a2ff594dd93062848867ed028ac719143298
SHA512

89858a407acbc7c13a4bd40031abd6803c311d381a37702631b1739d9f0e67c6afae50e6d1188b54a7d0e1ddfbcb6857b68f8f44cad3b10b1b31b53f1b676914
SSDEEP

3072:Pp/WjbfQnyH5oGpIlkOpXFcdXrOjVbcL/6Z3zPK2Cu:KbYymGpIlHuKoLC9/

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:7000

beshomandotestbesnd.run.place:7000

Attributes

Install_directory
%ProgramData%
install_file
taskmgr.exe
telegram
https://api.telegram.org/bot2128988424:AAEkYnwvOQA95riqRZwlqBxg4GV-odRNOyo/sendMessage?chat_id=966649672

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73309cc961f9645c1c2562ffcdc2dab1.exe

Files

73309cc961f9645c1c2562ffcdc2dab1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ