Behavioral task
behavioral1
Sample
PortCount.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
PortCount.exe
Resource
win11-20240508-en
General
-
Target
PortCount.exe
-
Size
72KB
-
MD5
84bf1bad48c4ea407fb8d5f080bdfcba
-
SHA1
cfa07b44804435278db73c59038f10dd9eec526f
-
SHA256
aa3daa9044183fdddd26aa666da037906992cd6d5ab3c89d189078cc5887113f
-
SHA512
bae4d0d53260b33cdf1f3f833f6e3b0d58db7573b28cb00c704ad5a47d83461bd8877cad4b9efe4ebb443a0290fb76abbcf86f3a848d8f464ebd2bd57e98fa09
-
SSDEEP
1536:o0h6oNWojEoKOv8X2Y2HyTB+b5z3ih9ehqL6785O+bm+Pa:oMjim7m+b5CehSO+bmsa
Malware Config
Extracted
xworm
exchange-extends.gl.at.ply.gg:45129
-
Install_directory
%AppData%
-
install_file
RRStealer.exe
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource PortCount.exe
Files
-
PortCount.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ