Behavioral task
behavioral1
Sample
dd4c271013a197bb197b6d0558d98c05374d337a57cc5fefd5ef1ec8f01f8608.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
dd4c271013a197bb197b6d0558d98c05374d337a57cc5fefd5ef1ec8f01f8608.exe
Resource
win10v2004-20241007-en
General
-
Target
dd4c271013a197bb197b6d0558d98c05374d337a57cc5fefd5ef1ec8f01f8608.exe
-
Size
68KB
-
MD5
a30dc93d4ccb4526ac16beb598787e80
-
SHA1
1acaf45fe7837744ce5dfb0c56794b002743d851
-
SHA256
dd4c271013a197bb197b6d0558d98c05374d337a57cc5fefd5ef1ec8f01f8608
-
SHA512
a68f5a7f088b3d35d1b5ffea4e26aa67e3e4904f0d79aa5bea96678ebf03bb09ca7b24f6df853a851e6df46fe6c7e257f1ef437ba8a05be3c7d55b4b39dac7b4
-
SSDEEP
1536:tJ9q/zoKLGy0VWkgY6Zh+bli9v67vGZO+knnVRZ:8boKLjkeYA+bl7vGZOnnnnZ
Malware Config
Extracted
xworm
147.185.221.23:19686
-
Install_directory
%AppData%
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dd4c271013a197bb197b6d0558d98c05374d337a57cc5fefd5ef1ec8f01f8608.exe
Files
-
dd4c271013a197bb197b6d0558d98c05374d337a57cc5fefd5ef1ec8f01f8608.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ