xworm | Nigger[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Nigger.exe
Size

57KB
MD5

04f822f9c23117d0c6e367f9da6bf93f
SHA1

045b091627a429afccc357545ca2e15b9c5de6a1
SHA256

f243379a91d2ddc5668624e06c8b0ad3f646ba3ad98dd23d088ff9a1654cbc41
SHA512

3f40892f9dc0bfd3a47802697f6078af8130b6d211c5e3b26b93f5bee3c22403e83647d223e6f18c5f6633d4c4d1c24da9c9b73ee07926ed9a67f6f4d39e2b42
SSDEEP

1536:VwRQhQv1Gts/WcUxV+bY9I41A3ZP1bMJOgdEv:+KQvIseND+bYu3ZPRMJOgWv

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

thread-advanced.gl.at.ply.gg:5372

Attributes

Install_directory
%AppData%
install_file
Nigger.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Nigger.exe

Files

Nigger.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ