xworm | c408425a0dc646e884eb6e6cba515c1d[.]bin

General

Target

c408425a0dc646e884eb6e6cba515c1d.bin
Size

17KB
MD5

8aecb8f439169431b02afe26db79efe8
SHA1

67e419cc4ea3aa9946f210d053aa53a933786e64
SHA256

9c317750a2595ebdde0565ade5b53ab453390084228d69b0f62da4046502ea64
SHA512

a1496ddb96276d3d304cfaea9d2c9f463e22d3bd1910d2d6a7283ce113377d2018a59d5de1bf1871811acb22e48f5b6184f1782ba9624892b42e1fcc62bb8308
SSDEEP

384:BzBXBQpnU39v59GRk2sfXI/+kYc9pR9+5dW2Lzm:PXYU39B9GRk2sfXxrc9p6W

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

46.150.81.213:7000

Mutex

6xOBTSnAE6nzpH2N

Attributes

Install_directory
%AppData%
install_file
X.exe
telegram
https://api.telegram.org/bot5730542754:AAGcXuKiNtiWQJAJnjgM64USDcYhKvCiXOE/sendMessage?chat_id=954433903

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/2a54f4eab3ca040db63eaa23bce35f4776535ebac024dc958480c099728b030f.exe	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/2a54f4eab3ca040db63eaa23bce35f4776535ebac024dc958480c099728b030f.exe

Files

c408425a0dc646e884eb6e6cba515c1d.bin
.zip

Password: infected
2a54f4eab3ca040db63eaa23bce35f4776535ebac024dc958480c099728b030f.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 33KB - Virtual size: 32KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B