Behavioral task: behavioral1
Sample: XWorm.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: XWorm.exe
Resource: win10v2004-20240426-en

General
Target: XWorm.exe
Size: 201KB
MD5: acf8853358a7aa1b667fea958b893a5d
SHA1: bb13587ce9f55a75765fe12994debb6e07a5810a
SHA256: 349b3468ba55fa9b2d4e800323a28b7b388663cf54ab35e688ae67a9819e02b6
SHA512: cb8a46077594042ba43d85acef88d6e0a6c9e9f2c7e9c6c185ecd5d1c36a5f71c75759dbbbda4f3b47f80131f48b3cba808d487b11a2eaceecbdf9c19afe2c84
SSDEEP: 3072:fNE2oXkEPibC1/EaOTPTVdwtA2ewhLapuvpAsZOyMqmyBeYVYv:fjEPib4cYP/GWGwqqm1

Malware Config
Extracted
xworm
127.0.0.1:37915
5.39.43.50:37915
de-engines.gl.at.ply.gg:37915
these-accommodation.gl.at.ply.gg:37915
Install_directory: %AppData%
install_file: dllhost.exe

Signatures
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule sample family_xworm
Xworm family

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource XWorm.exe
Files
XWorm.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 137KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ