xworm | Solara[.]exe | Triage

Sharing

General

Target

Solara.exe
Size

1005KB
MD5

d1a6835f7934684efb8df6b6f2d8a9df
SHA1

56f4e81d4663181f139e5b7b165e41611cbcc472
SHA256

2b0521e21f41e110682b1871824451a9826a4ff2f5691d4e25186b36b0294146
SHA512

c9e0557c3251c7a5d805c6e4047cee99949dab9a702e4e076e4ec0d9f0969b0210f4ca29c36ea7b4e15c43a70c7c076c0718df1b72bac057b2af7f3605f5908d
SSDEEP

12288:xE5dY26i2vTGY1Dg6x7L1uq2/OBPQu43D8fPVle8IoaBcHl8ANTSwAlZw:x2r2yAPC8eRBcHl8gTSHXw

Score

10^/10

xworm 44caliber

Malware Config

Signatures

44caliber family
44caliber
Detect Xworm Payload 1 IoCs

Processes:

resource yara_rule

sample family_xworm
Xworm family
xworm
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Solara.exe

Files

Solara.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 997KB - Virtual size: 996KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ