xworm | SolaraBootstraper[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SolaraBootstraper.exe
Size

230KB
MD5

8832030e178eae26096cecf0d25a40cb
SHA1

589dd17f269dfe876c1f3c33565e7fc1a4fbb144
SHA256

f71b8728c67c2e2303ba9acdef9cca342a66cdc519a8351da401dc057b3d742f
SHA512

0b0db2f052f415804ed26da1ea441937124c382ee867f5be8f023c6c95f4923f381d559d46903370513aa5d9e9e6560886cff51f8539d2e42a21c966980b0913
SSDEEP

3072:3qFFFMhY15l6tbAXdCON+Kt8SKfbzxcwg7es6/Vsb8VKTu549oJMfF/H9N3Ky9NP:BY15libkUhcX7elbKTua9bfF/H9d9n

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%AppData%
install_file
win32.exe
pastebin_url
https://pastebin.com/raw/mxJuykEA

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SolaraBootstraper.exe

Files

SolaraBootstraper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ