xworm | skibidi[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

skibidi.exe
Size

220KB
MD5

088e4ffcfc3eab93c55784751bdf6f7d
SHA1

6b952a2678d43504c9ce63dc8b7531d0696cb081
SHA256

5949ae79dcbc2454d7abd531c7c1b0cc51eb3a32e7bbdaa0686b97834ed972e7
SHA512

4c1913791b7ee39116c15c899edddcd581e1ad3e6280389fa6c146c238d0003feba85f1a30d1d3514cc5ee453ab2be9750108a6aac1c776fe1061e97edff821a
SSDEEP

3072:5h+DwIkbVjQ+PiOzXb8SKfbzxcwg7es6/Vsb8VKTu549oJMfF/H9N3Ky9NzLnx:50wDbeWrUhcX7elbKTua9bfF/H9d9n

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:8888

Attributes

Install_directory
%AppData%
install_file
skibidi.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
skibidi.exe

Files

skibidi.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ