xworm | Solara[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Solara.exe
Size

439KB
MD5

bbc212bd99b3cdbdf9ebea621b2ec078
SHA1

31b3bd37ea5c37ee034ed92c3643fef177b130e5
SHA256

def6f4ec76d2069322983c6eca95a313cb9a8d2456447dae67db7cb1dfe3acdd
SHA512

286e2dbe13d9e3732406bda3d55a1a673deb1c8f81669d8d8dc1d2bc5e30f2e8dbd13fc59bef3d13417afc1427243c51223d754422b2efd45b20600987c11737
SSDEEP

1536:Y52g9057DKXIvjKqx+bSIijoJLU6Bv0JVOfCTPnlp4Z9l:42V8q+bSIjv07Oq734ZP

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:13970

accessories-retrieve.gl.at.ply.gg:13970

Attributes

Install_directory
%AppData%
install_file
Loader.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Solara.exe

Files

Solara.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ