Behavioral task: behavioral1
Sample: 2024-06-06_7bf53f92637fa6ba442cd583c5803327_hiddentear.exe
Resource: win7-20240221-en
General
Target: 2024-06-06_7bf53f92637fa6ba442cd583c5803327_hiddentear
Size: 173KB
MD5: 7bf53f92637fa6ba442cd583c5803327
SHA1: b40c102fb25fe178d0b29723b0aea5ef216c7986
SHA256: 9ad38ae92d71c9801fa1b72e575fadb30d95df6c1d577470140b7115ae5fc7e3
SHA512: 3a2eddd01cd30a4aae014d21ec13c2c35ee250bb90ca3a96747f1645eebbb84e5b309ddbb74084988634d522273881bd0253d345ea47e56be16db4d05b76dc0d
SSDEEP: 3072:R6nI/Ii6bV3bDftFdO5/fyYQM+lmsolAIrRuw+mqv9j1MWLQy:FIi6bZIR+lDAA
Malware Config
Extracted
xworm
friends-well.gl.at.ply.gg:2318
install_file: USB.exe
Signatures
Detect Xworm Payload (1 IoCs)
resource: sample, yara_rule: family_xworm
Detects Windows executables referencing non-Windows User-Agents (1 IoCs)
resource: sample, yara_rule: INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA
Xworm family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2024-06-06_7bf53f92637fa6ba442cd583c5803327_hiddentear
Files
2024-06-06_7bf53f92637fa6ba442cd583c5803327_hiddentear.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ