Behavioral task
behavioral1
Sample
SolaraBootstraper.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
SolaraBootstraper.exe
Resource
win10v2004-20240426-en
General
-
Target
SolaraBootstraper.exe
-
Size
256KB
-
MD5
f531ee0dd304c0b39bb6d8d4423416cb
-
SHA1
689a6d2b3712d8f8118be9ed5327ad5b79e9eb61
-
SHA256
795d4065c2d430ce0c6e5828c94b84b9f812872ee65ecd4b19c741c6bfab4fdf
-
SHA512
c4e03fb5f7dcfadc2eff889847afc5e338be7428a86f51d3182e1487d632e11242b8faeb4baa643c0c28e1a6670831ea27a057e845588db01e3f8ec860beeb5f
-
SSDEEP
6144:wdCbxjHoT1cUhcX7elbKTua9bfF/H9d9n:ic3X3u+
Malware Config
Extracted
xworm
-
Install_directory
%AppData%
-
install_file
win32.exe
-
pastebin_url
https://pastebin.com/raw/A6Ve7KU4
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource SolaraBootstraper.exe
Files
-
SolaraBootstraper.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 166KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ