xworm | 250302-wzd6es1ly6_pw_infected[.]zip | Triage

Sharing

General

Target

250302-wzd6es1ly6_pw_infected.zip
Size

110KB
MD5

f8146c18b74b4ddc7eeceff7a3b72329
SHA1

db0e6fa11d1b25ae16f51f8ddc085d6037b8445f
SHA256

accffc151ff6311d08049f2f40b4254f47789927c1f463824879f81912013427
SHA512

744289ee844a1882af551e20e1f69f940e9e82cca3616ef8f6b43c248f65fbf0fd02c9a319719bb93e5621dd5e8e716917cd95410ecea4b99ca047d2a22667ff
SSDEEP

1536:W+LBaL05g/o3SkFyRCF/kM6JaLJF3A6ZqECrhS6RaVldErPRM1z9yr:R44T3SH4+8LJF3A6ZqECrMldQPORe

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

Attributes

install_file
Mason.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/MasonRootkit.exe	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MasonRootkit.exe

Files

250302-wzd6es1ly6_pw_infected.zip
.zip

Password: infected
MasonRootkit.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ