xworm | ipban_remove_cssv34[.]exe | Triage

Resubmissions

28/09/2024, 12:07

240928-padd9sverq 10

28/09/2024, 12:03

240928-n76awavdqp 10

Sharing

Copy URL Twitter E-mail

General

Target

ipban_remove_cssv34.exe
Size

82KB
MD5

a5757f8d3de37b4f0269b4a3dea66f5c
SHA1

e70b3dc2a515783e36e442603dddce0b1f5a48ff
SHA256

a7dec9211ef5ddab3ab4cf3e4c6cba5e2b0c97dfca149f0c70dcefb01ed5c6ca
SHA512

fa289da703030395a60b286c6dcc2871f07103222652e186ee4f496e41115c3a7b07428ac094b1fe20f9f060cf4d69ff404529fbf67d051d35aa6b4bf1a296fd
SSDEEP

1536:084m+qMAUqeuiDjhOwQEqbEFnLdh9VwxnlufKX7X5XYZXP/b12:0844MAnPiD1qEqbELh9VKuyLJI//bg

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

147.185.221.22:62812

Attributes

Install_directory
%AppData%
install_file
ipban_remover_cssv34.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ipban_remove_cssv34.exe

Files

ipban_remove_cssv34.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ