xworm | 1[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.exe
Size

68KB
MD5

8f92624441f23679bc48c7b610e291d5
SHA1

a3501cae18717a857ef70d0ba13ff1071b18b823
SHA256

c009c1d55550f5eb5bea14ffe0b139f9e0e474726c6517833fd4b55a4407ae52
SHA512

d902a1171960c88f22862d9dcaa15a8e78f2bd4c58fc15fb8fd22207825db3a5f96fe03c9376950f2e6bb0c65724e398ff27882ebf120a99bad8b69de87903fc
SSDEEP

1536:/RUuIw7EoZYzjHeMdYisEY8pR7K2Ob8r5anaNM6RVloWO57r5f:J5lMKER7vOb8rXNHVFO57r5f

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

31.208.113.236:15727

147.185.221.16:15727

Attributes

Install_directory
%AppData%
install_file
test61.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1.exe

Files

1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ