Behavioral task: behavioral1
Sample: Nursultan Client.exe
Resource: win11-20240802-en
General
- Target: NursultanAlpha.rar
- Size: 46KB
- MD5: cffb4f2950ab2e8d178619846aba3d3a
- SHA1: 05914b67699c2363de5ef87e1c3f64e98c3e74b2
- SHA256: 3fc6f29620ca3d2d3dcad02688d1280ab9ded7ec00187e2396fa8462e90d9a8e
- SHA512: 4ba0b14d022ea8c3faeded5de744a120f86d972aa9a4eb46998e2a2062f78d31d4aeef603f4551225c3f7ee67935348c0d92ebbdb86bd20bc0249692d0755fff
- SSDEEP: 768:PqLbyVhiIUpYioG0zdD8hxgZD8fGGjjVnRIVkDIZwJTpV2PxUyN3AJDSEWOlx3j:Xn+K1pNek4fGENRIVUIZwhpkPxp3AJse
Malware Config
Extracted
xworm
letter-pairs.gl.at.ply.gg:56734
- Install_directory: %Temp%
- install_file: USB.exe
Signatures
- Detect Xworm Payload 1 IoCs
  resource yara_rule static1/unpack001/Nursultan Client.exe family_xworm
- Xworm family
- Unsigned PE 1 IoCs
  Checks for missing Authenticode signature.
  resource unpack001/Nursultan Client.exe
Files
- NursultanAlpha.rar
- Java/About Java.lnk
- Java/Check For Updates.lnk
- Java/Configure Java.lnk
- Java/Get Help.url
- Java/Visit Java.com.url
- MUST SEE.txt
- Nursultan Client.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ