xworm | Playit[.]gg[.]exe | Triage

Sharing

General

Target

Playit.gg.exe
Size

41KB
MD5

e462d14323ba8c46b3c49c6f0a47a28a
SHA1

28812e5914ffba4cd87a2394e9fe1ce41b5384be
SHA256

3ba9770b83cd3c91ab3a959acb7deefc9bd5af4bc90ae46f3be32412d0de7e7a
SHA512

1bb75204a33e91e1375490707e0de44758b558eca260999f8b4f53c8748593752efbfd28fceaaf1b0d92caf7b6e886c4ba10aeffff7fab9524510f3464b9b610
SSDEEP

768:hmrJDweBDuOkScrbsN/x6eqCAr43MxfJF5Pa9p+gt6iOwhi3/ibl:h0DwewicrbsN/YVRrNRF49Igt6iOw8ax

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

category-rose.gl.at.ply.gg:36607

Mutex

0vUq2IOz4vEduQhF

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource yara_rule

sample family_xworm
Xworm family
xworm
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Playit.gg.exe

Files

Playit.gg.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ