General

  • Target: Seliware.zip
  • Size: 5.1MB
  • MD5: 6c34ff0cbbf89ba4d024738f9c02d2d7
  • SHA1: ad3b1dc665d47574e0bb609af318853900c0d58c
  • SHA256: 93b147eb9ab24c2a3db94b7d7b75013f569d60ee55c89ab362daa60205a54a2a
  • SHA512: 525125885a71592a9f820b99a9bdf3fbd9a920f4fd14e7206a6e06ff7280a801e9494fb054ca4c81878ee152e6c8cf1d44d9fc512b91ce2d9d23a38414788bba
  • SSDEEP: 98304:Y3Qp7BelX4mUoJK8p5PO+nlZFJd+dNCAcBqFRyBNj3PW4xHSR:YudM4VoJKyPOod+dEBWR2j3pHSR

Score
10/10

Malware Config (extracted)

  • Family: xworm
  • C2: educational-scores.gl.at.ply.gg:53465

Attributes

  • Install_directory: %AppData%
  • install_file: svchost.exe
  • telegram: https://api.telegram.org/bot7747512039:AAE82CvJd42E5_bXF5pw1ilKYqA20mlvK44/sendMessage?chat_id=7476312671

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (2 IoCs): checks for a missing Authenticode signature.

Files

  • Seliware.zip
    .zip
  • Seliware/Microsoft.Web.WebView2.Core.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Report tabs: Code Sign, Headers, Imports, Sections
  • Seliware/Microsoft.Web.WebView2.WinForms.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Report tabs: Code Sign, Headers, Imports, Sections
  • Seliware/Microsoft.Web.WebView2.Wpf.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Report tabs: Code Sign, Headers, Imports, Sections
  • Seliware/Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Report tabs: Code Sign, Headers, Imports, Sections
  • Seliware/Seliware.exe
    .exe windows:4 windows x86 arch:x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
    Report tabs: Headers, Imports, Sections (no Code Sign tab)
  • Seliware/SeliwareUI.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 1e73edae11be0aa3151cd923974d618e
    Report tabs: Headers, Imports, Exports, Sections (no Code Sign tab)
  • Seliware/api-ms-win-crt-convert-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Report tabs: Code Sign, Headers, Exports, Sections
  • Seliware/api-ms-win-crt-filesystem-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Report tabs: Code Sign, Headers, Exports, Sections
  • Seliware/api-ms-win-crt-heap-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Report tabs: Code Sign, Headers, Exports, Sections
  • Seliware/api-ms-win-crt-locale-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Report tabs: Code Sign, Headers, Exports, Sections
  • Seliware/api-ms-win-crt-math-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Report tabs: Code Sign, Headers, Exports, Sections
  • Seliware/api-ms-win-crt-runtime-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Report tabs: Code Sign, Headers, Exports, Sections
  • Seliware/api-ms-win-crt-stdio-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Report tabs: Code Sign, Headers, Exports, Sections
  • Seliware/api-ms-win-crt-string-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Report tabs: Code Sign, Headers, Exports, Sections
  • Seliware/bin/Monaco/index.html
    .html .js polyglot
  • Seliware/bin/Monaco/vs/base/worker/workerMain.js
    .js
  • Seliware/bin/Monaco/vs/basic-languages/lua/lua.js
  • Seliware/bin/Monaco/vs/editor/editor.main.css
  • Seliware/bin/Monaco/vs/editor/editor.main.js
    .js
  • Seliware/bin/Monaco/vs/editor/editor.main.nls.de.js
  • Seliware/bin/Monaco/vs/editor/editor.main.nls.es.js
  • Seliware/bin/Monaco/vs/editor/editor.main.nls.fr.js
  • Seliware/bin/Monaco/vs/editor/editor.main.nls.it.js
  • Seliware/bin/Monaco/vs/editor/editor.main.nls.ja.js
  • Seliware/bin/Monaco/vs/editor/editor.main.nls.js
  • Seliware/bin/Monaco/vs/editor/editor.main.nls.ko.js
  • Seliware/bin/Monaco/vs/editor/editor.main.nls.ru.js
  • Seliware/bin/Monaco/vs/editor/editor.main.nls.zh-cn.js
  • Seliware/bin/Monaco/vs/editor/editor.main.nls.zh-tw.js
  • Seliware/bin/Monaco/vs/loader.js
    .js
  • Seliware/libcrypto-3-x64.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 4cdf5b8d7e92d6a981adf2f2bc76cf76
    Report tabs: Code Sign, Headers, Imports, Exports, Sections
  • Seliware/libssl-3-x64.dll
    .dll windows:6 windows x64 arch:x64
    MD5: a68e19b72bf615dc5689a862e51c72dc
    Report tabs: Code Sign, Headers, Imports, Exports, Sections
  • Seliware/msvcp140.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 9433fb5ddec7b65c9b51bd9dc5813de2
    Report tabs: Code Sign, Headers, Imports, Exports, Sections
  • Seliware/runtimes/win-arm64/native/WebView2Loader.dll
  • Seliware/runtimes/win-x64/native/WebView2Loader.dll
    .dll windows:10 windows x64 arch:x64
    MD5: f6946d311bccc86e2042a388e375de41
    Report tabs: Code Sign, Headers, Imports, Exports, Sections
  • Seliware/runtimes/win-x86/native/WebView2Loader.dll
    .dll windows:10 windows x86 arch:x86
    MD5: 72229ff546c74d09d9030ca49ce61b31
    Report tabs: Code Sign, Headers, Imports, Exports, Sections
  • Seliware/ucrtbase.dll
    .dll windows:10 windows x64 arch:x64
    MD5: 405cde0fc80c30dcc3d783173dbd4143
    Report tabs: Code Sign, Headers, Imports, Exports, Sections
  • Seliware/vcruntime140.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 7f91c705cf579114968b3edc12e1175e
    Report tabs: Code Sign, Headers, Imports, Exports, Sections
  • Seliware/vcruntime140_1.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 72707e942878aac770fcc118ce3ec1c9
    Report tabs: Code Sign, Headers, Imports, Exports, Sections