xworm | fatility[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fatility.exe
Size

76KB
MD5

831ebd4e5008e8255a534b2947c7098f
SHA1

5aef2dde752b8c5bf035084b0b53d32f3a9b4440
SHA256

4f3c080c3f116900e2b722dbe252f72981664f3c665095e4cb133dd2e304e662
SHA512

7707becf0cb740a3546411adf926cac30a4ef1fa4b217384bebe86681c674df4e9c61d7a98b05365c6bd5ec1832b0d9c0f46c0254dbc06a2bc708794c7d30e3d
SSDEEP

1536:J8x8MCJk/xKcw7V8287bn5Tnxy6B6f2nL9Owg/zorR8:ax8LJkocw7zMbn5TnVdhOnLo18

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

t-abc.gl.at.ply.gg:29321

192.168.1.45:29321

Attributes

Install_directory
%AppData%
install_file
windowshelp.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fatility.exe

Files

fatility.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ