xworm | VenomRat[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VenomRat.exe
Size

74KB
MD5

8bdb5cf4cdc68eb898c0d4819607b96f
SHA1

abe2f9b5540cdcc169e0c10276039f952a145269
SHA256

778b20a18ecbf924d653e3066bf650b752bac7cd7a0c35d7aef1a824870793c7
SHA512

3e36dcb05841d4b46747c42ca2a8d5dadd4aa6cdfde350f833a64091f93341fc9c7a45a9e7a20db8369cf9ef48e5e1b1593cd6371c9e1fdb2dc62973d342abd6
SSDEEP

1536:8lnbgrvV58TdPZegtB+/kYZbdUIVkmETOz91vOZwn40d:85bgrNaxvA5ZbSI0TOhIN0d

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

22.ip.gl.ply.gg:33199

Attributes

Install_directory
%AppData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VenomRat.exe

Files

VenomRat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ