Behavioral task
behavioral1
Sample
test.exe
Resource
win10v2004-20240426-en
General
-
Target
test.exe
-
Size
34KB
-
MD5
e1f7cbb395ee3aece6b8749bf6aaa4a7
-
SHA1
0d081adb293d89155c55dcedf7a0fb2188a27a92
-
SHA256
f9855926bc7131cc3ce3cb5a4e4943f2048787296fd6dfd4d663457dcf511a9c
-
SHA512
9e007c0c8668432a89ca4ed20d02ed1f707b0006183657e813a9fc5e26c173696e7e92e221e56f035451725492cfadf5fae6200cdad241c783055d6750b5a765
-
SSDEEP
384:YIwDnjTJeDs3fL9bnfHIAxNFR2EguTOQRzpkFXBLT0OZwEJN2v99IkuisptlH6x7:S0D69DfHIAxNOsTlwFo9jDOjh/bk
Malware Config
Extracted
xworm
5.0
tr3.localto.net:44953
JAXr5VvuESQ7Hfoo
-
install_file
USB.exe
-
telegram
https://api.telegram.org/bot6919369290:AAGnnKr1Yo67mV9jYUriuVi-XAno2tdvbq0
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource test.exe
Files
-
test.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ