xworm | testing[.]exe | Triage

Sharing

General

Target

testing.exe
Size

44KB
MD5

b3971f1b65bb028eef9d391f20c302b0
SHA1

82cddbc56599c38b5c26c699b3a395db5806d1c8
SHA256

25e1a1ee163b55eb7457abe7d474ce661b84afd75bce36a56c1d8ca2aa563e00
SHA512

89f2248fae356b927903adaa2bb6c4876eb87a43bda6a429e56fe0f159a4f92b3eb304c97b1ac37c7e3549c6dcfcb55cdfcc3d38372d5553b9d3eb7f283db2b4
SSDEEP

768:nYUrZTtRt6dQxOBFxan7Jga/kbQ5aIqPuAka5XLOnhvLK4:Y63qdQ0BYJpkbQ5aIqNXLOnVV

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

0.tcp.ap.ngrok.io:12725

Attributes

Install_directory
%Public%
install_file
hh.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
testing.exe

Files

testing.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ