xworm | susu2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

susu2.exe
Size

87KB
MD5

b28409052ddd33f1c68388bfa5ded860
SHA1

506b4b9e2b10e3c41b988a41461cdafd202fc90a
SHA256

2eaf388348495a898c9602f325713aa1db1923a2bbde6433a862b7c1540c6d21
SHA512

411c994c7e5196ef218340ed85c6790a66347f09c2e6e5636ec6324704ea1dc4d98d523ea5656d40b487b6f7b4425d8aa41f5d50c7bfc839bd3ac02a99d61a1a
SSDEEP

1536:G1pqX+l9HzPo4MSBX8FCu/x+bA+D/M05hXk26PZKF6OboefnZPSoUQ:5X+nDrMStwJ+bxR5hXGC6O0efnZFz

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

4.tcp.eu.ngrok.io:8848

Attributes

Install_directory
%AppData%
install_file
detektivhuedblyat.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
susu2.exe

Files

susu2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ