Behavioral task
behavioral1
Sample
setup.exe
Resource
win10v2004-20240508-en
General
-
Target
setup.exe
-
Size
73KB
-
MD5
9003126cef8cf36eca17f1e51eaf8394
-
SHA1
6f7941dc4c5bb1818a519482537ea231e4ba8ab8
-
SHA256
ac30d7a03c46c90f1f8270ac6dc2a7001373b2b16567d7753f174fd33c047ed2
-
SHA512
eacfc7a4030cbaab1926d660b5ea2fa69d9ba2e18bb690822bab474b9fb296d49150af25a8565dd51ad3a4d4da648e365610969829835d480fce4e16b0285dac
-
SSDEEP
1536:mPN8fc4tabwG764lxyTfogb8cCijEnxH8w6nNOON3c7G:UN8f9abwGLHyZb876qWVNOON6G
Malware Config
Extracted
xworm
sebeee-39917.portmap.io:39917
-
Install_directory
%AppData%
-
install_file
RuntimeBroker.exe
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource setup.exe
Files
-
setup.exe.exe windows:4 windows x86 arch:x86
Password: code
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ