Behavioral task
behavioral1
Sample
shtorm_sb.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
shtorm_sb.exe
Resource
win10v2004-20240709-en
General
-
Target
shtorm_sb.exe
-
Size
238KB
-
MD5
2faf13feda202796051c439b5abd8d48
-
SHA1
5c2d1f4be4f7dcef2f5577a15ea3f31c59ddbe8b
-
SHA256
cde6b414622136dd14a5a025f6d8fe2313c36a347086fceb168b5dff1a6c288b
-
SHA512
dd46a3f553ff3bf0a39b8f4132d1053ac1758b2befb8a1b096455bd7812f2bcaf29fc9dcf00ef0bb972b4c27e47cc2b347f3fe4e58bab7708be1855fd7bdf2b9
-
SSDEEP
1536:tDeWitn1NIohnWQoJ0GSbhdp2QfV9XBqn6MHxOwz3i+7BanqY5DW1T:VePbVnhuSbvppn8ROwzrirDcT
Malware Config
Extracted
xworm
127.0.0.1:13244
close-material.gl.at.ply.gg:13244
-
Install_directory
%AppData%
-
install_file
svсhost.exe
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource shtorm_sb.exe
Files
-
shtorm_sb.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ