Behavioral task
behavioral1
Sample
656-198-0x00000000003A0000-0x00000000003AE000-memory.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
656-198-0x00000000003A0000-0x00000000003AE000-memory.exe
Resource
win10v2004-20240508-en
General
-
Target
656-198-0x00000000003A0000-0x00000000003AE000-memory.dmp
-
Size
56KB
-
MD5
2e131a3965ad9d6ff7c142781167794f
-
SHA1
7c09f1fb820e788955eeef1bf90d109871ad958f
-
SHA256
d98545647148e19484a2a7efd8b72f9dc95dfbe80623e020e0319a4683322917
-
SHA512
3f5a4448699fb9563c5f8d89b9f757e6050e9eeb034dd4be366a1525777eb4adb7887c6aa82d0d0118a5d6b4ae812156fc582df9fcd8fc9347ac40b73c94b65f
-
SSDEEP
768:EUa+vNshO8q8UoxVJt76bRVFr9jxKOjhTbB:7vN4df978DFr9jxKOjl1
Malware Config
Extracted
xworm
5.0
91.92.247.130:2423
jNAItsLzlKCj7FUO
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 656-198-0x00000000003A0000-0x00000000003AE000-memory.dmp
Files
-
656-198-0x00000000003A0000-0x00000000003AE000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ