Behavioral task: behavioral1
Sample: 0e9ed9a55cd440844668e5937cd2afb5a48dd5a17a3530fc4f9868038e305723.exe
Resource: win7-20240508-en
General
Target: 2b274de1ba95b66b41fd57ba95e10653.bin
Size: 40KB
MD5: e5a1afed24308bb75ef975505739fdca
SHA1: d5a768a2d5bcb9667516186b6b35e288f81b3c6c
SHA256: df99db544458d454a1e58ba9a80f38d805da5df55e757bd3c6b6f2ecd3664acc
SHA512: cb557edb30a55cf2db7c9098408994dd6d988b3f88da0f5018175cb3c7dec3555519195e65289b07592dcda82a405f34381f0a549b7596d04c464f1526ced7eb
SSDEEP: 768:O2C8IlhyZC1YgY3q3QNeaZtrisZjmFu77qFZLJ7vQXyd3ClT7BcK8in:BC8IeIY3+3G9w3FtJDfSBcTC
Malware Config
Extracted: xworm
  127.0.0.1:32901
  engineering-thoroughly.gl.at.ply.gg:32901
  Install_directory: %AppData%
  install_file: OxyInstaller.exe
Signatures
Detect Xworm Payload (1 IoCs)
  Processes: resource yara_rule static1/unpack001/0e9ed9a55cd440844668e5937cd2afb5a48dd5a17a3530fc4f9868038e305723.exe family_xworm
Xworm family
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  Processes: resource unpack001/0e9ed9a55cd440844668e5937cd2afb5a48dd5a17a3530fc4f9868038e305723.exe
Files
2b274de1ba95b66b41fd57ba95e10653.bin.zip (Password: infected)
0e9ed9a55cd440844668e5937cd2afb5a48dd5a17a3530fc4f9868038e305723.exe.exe windows:4 windows x86 arch:x86 (Password: infected)
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
mscoree: _CorExeMain
Sections
.text Size: 64KB - Virtual size: 64KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rsrc Size: 1KB - Virtual size: 1KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc Size: 512B - Virtual size: 12B (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)