xworm | Binaries[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Binaries.rar
Size

1019KB
MD5

9f0a1e5448e276fd9a1868b08261b258
SHA1

bd0e596a0dacba429edc5d06ca23df7a6136682e
SHA256

5d112a86cfba7fc6a1a176b08fb203eb98d103ba95f9edf6adb72c70558f0c96
SHA512

3a81021e2bff42b1e861d791c9f9089853b5d8e44a8b12aa3f2018a6eba55ee3de3f744c75e2021f6570f7712b1dc1589ff1aa52a4804f02f2111dc3de0a2d52
SSDEEP

24576:uc7mwB4VdnJuGYlLS1GmezoXZUnfG4vLjcl7FpOR5wG24q+h:cU4TeVqaoXO+4vv+fORR24q2

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

multi-referral.gl.at.ply.gg:43504

Mutex

L9qlmFNDu8drSdGe

Attributes

Install_directory
%Userprofile%
install_file
SecurityHealthSystray.exe
telegram
https://api.telegram.org/bot7999164804:AAFnlMmOEm_tg1MgP0Rjs4-EAp9cjIouFj4/sendMessage?chat_id=5462166893

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/RuntimeBroker.exe	family_xworm

Xworm family
xworm

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PROLoader.exe
unpack001/RuntimeBroker.exe
unpack001/dnlib.dll

Files

Binaries.rar
.rar
Icons/icon (1).ico
Icons/icon (10).ico
Icons/icon (11).ico
Icons/icon (12).ico
Icons/icon (13).ico
Icons/icon (14).ico
Icons/icon (15).ico
Icons/icon (16).ico
Icons/icon (17).ico
Icons/icon (2).ico
Icons/icon (3).ico
Icons/icon (4).ico
Icons/icon (5).ico
Icons/icon (6).ico
Icons/icon (7).ico
Icons/icon (8).ico
Icons/icon (9).ico
PROLoader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RuntimeBroker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnlib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/src/obj/Release/net35/dnlib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ode.bin
shell.txt

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 320KB - Virtual size: 320KB

.rsrc Size: 170KB - Virtual size: 170KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 33KB - Virtual size: 33KB

.rsrc Size: 187KB - Virtual size: 186KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 320KB - Virtual size: 320KB

.rsrc
Size: 170KB - Virtual size: 170KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 187KB - Virtual size: 186KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B