Behavioral task
behavioral1
Sample
07ecf0ee68a52e1783da654389f5adaa861b5e7cfff04cbec504e721cc3a11ad.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
07ecf0ee68a52e1783da654389f5adaa861b5e7cfff04cbec504e721cc3a11ad.exe
Resource
win10v2004-20240508-en
General
-
Target
ada4045ee6399dc5733826a4d7e43a10.bin
-
Size
20KB
-
MD5
13e2d8c8fc3ca74bcdaeed86ae2be0d3
-
SHA1
1af41a2635599d0b1194426969522d228f00781b
-
SHA256
6c5dd289cd2ec3345727cbe7430e50c7743596c5b1d258065e23c7a02865c1c4
-
SHA512
1524d3a3c398603edd727909c5f3eb7a59baa118802ea62c6abd4ea77c47101e65fe4dc07be55eac7da929d4fd044f1f6e4cf6199dd66c79b6483676f3c734b2
-
SSDEEP
384:dLwcl8Gi+Fy8m/nH2NdtfakTYAeKTuc6IDu36O+aTO25AR/tDmzv+zj3j+HL:ye8D+FsWztfzeM6Mu36Og2yZt6mfT+HL
Malware Config
Extracted
xworm
5.0
156.225.129.202:7000
lUhImY84qBJOkvuH
-
Install_directory
%AppData%
-
install_file
crss.exe
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/07ecf0ee68a52e1783da654389f5adaa861b5e7cfff04cbec504e721cc3a11ad.exe family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/07ecf0ee68a52e1783da654389f5adaa861b5e7cfff04cbec504e721cc3a11ad.exe
Files
-
ada4045ee6399dc5733826a4d7e43a10.bin.zip
Password: infected
-
07ecf0ee68a52e1783da654389f5adaa861b5e7cfff04cbec504e721cc3a11ad.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ