xworm | yaraneye[.]exe | Triage

Sharing

General

Target

yaraneye.exe
Size

64KB
MD5

fbcf1353f836cad39412fc2dfcde4481
SHA1

21422a083c98e810a22f0614761ab78eba65a245
SHA256

340c8de9e85f469d40562e1f45f2789594043374a717af78712d25af2184a1aa
SHA512

102252f6a6dda66b73f0101b234ee8896a813236297c52bde6c7806ce054cb6aadbab5cd51ba87cba0cae8d7140ebcb3fad1e5ee48ef7438df36840add07870c
SSDEEP

1536:X7I4wz07bkSLnwvTQlbKkb8jkl7pFgqLnOufI:X7I4wwkSLnskb8jkBXLnOufI

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

teen-modes.gl.at.ply.gg:23638

Attributes

Install_directory
%LocalAppData%
install_file
yar.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
yaraneye.exe

Files

yaraneye.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ