xworm | sdsd (1)[.]exe | Triage

Sharing

General

Target

sdsd (1).exe
Size

42KB
MD5

77131893d1d6deaa0c9b4cc54e2a517c
SHA1

7f4ec57d8eb0a42e97fa58cd6bd79d1ae30017a6
SHA256

34ea7721b4bbd41bea0c41718e4d0526648ce1db87b3a479b2e6040e7f405562
SHA512

7ee4ba592d2b7c8fe9f5e912daa3828e7f41640047f803b3f167138c9a0b878d5c565d6dd2df3b70de3eea0b2cb2208889f6e52092e10b49fc85d4978d44610a
SSDEEP

768:ZPxbPfC8mN0rpyy5r8OC/NM0M05F3o9hEwO+h41L7dRs:ZPxbPaJN0UyiOxcFY9hzO+e13k

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

2.58.56.88:7000

Mutex

JCqsviPCeDOFTfE1

Attributes

Install_directory
%AppData%
install_file
microsoft.exe
telegram
https://api.telegram.org/bot6748776206:AAEhhUNx0aGGcH_eEbjbmS7YdbGSRHXm-S4/sendMessage?chat_id=1314740060

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sdsd (1).exe

Files

sdsd (1).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ