xworm | GDsploit[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GDsploit.exe
Size

67KB
MD5

4785fd1cb66f7708799a91d538ccd858
SHA1

d5f8cfe23cda37ea9b71ec7f711cd8a3bb49cf78
SHA256

e60684105e63cdc94d9e579453ed6bb3adf524200818a12e9b8da6b0a5de526d
SHA512

b0b74d3761eac661b632a01486c538f7ccb67d28f2164a550fe4a71cab0e5ff6d789f0ebd7cd87e557e1f250018090b1f0555de1325596c65c31154c0c1e2ff2
SSDEEP

1536:PLl9MghdGEcihOrd7G+qab74gR7ScM6qsIGOiyaJr:PBuYEbb797ScgsIGOi1r

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

external-nj.gl.at.ply.gg:37723

Attributes

Install_directory
%AppData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GDsploit.exe

Files

GDsploit.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ