Behavioral task: behavioral1
Sample: 2024-07-01_4cbd2f5201ad48eee23285fa5bd1b0db_hiddentear.exe
Resource (sandbox VM profile): win7-20240611-en
General
Target: 2024-07-01_4cbd2f5201ad48eee23285fa5bd1b0db_hiddentear
Size: 162KB
MD5: 4cbd2f5201ad48eee23285fa5bd1b0db
SHA1: 36b9840c9bc6a1f5355765274fed589a453822f8
SHA256: e9a7cd4800b26c3a79f0595ee797afdaa43d39307cc203a555e3265365977347
SHA512: a96ed9090b45ca891e1e8c189c5d21e3ed8ed2705c1f07e16126d3df1acbe76bfb65a7a9710d8d31c354d9205478f6d5897161918f15cc5c58710324b5ea6627
SSDEEP: 3072:ST2oLp7ZAZb1O28wROqcAM+lmsolAIrRuw+mqv9j1MWLQI:UxgbDCT+lDAA
Malware Config
Extracted family: xworm 3.1
C2: 172.94.32.98:7600
Install_directory: %AppData%
install_file: USB.exe
Note: the "hiddentear" tag in the submitted filename does not match what was extracted; the config extractor and the YARA matches in this report identify XWorm only. Pivot on the C2 endpoint and the %AppData%\USB.exe install artefact rather than on the filename.
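The extracted configuration gives three concrete things to hunt for: the C2 socket 172.94.32.98:7600, a file named USB.exe dropped into %AppData%, and the sample hashes. The following is an added example (not part of the sandbox report) that turns those into a small matcher and runs it over constructed Sysmon-style EventID 11 (FileCreate), EventID 3 (NetworkConnect) and EventID 1 (ProcessCreate) records. The events, user name and "invoice.exe" image path are made up; the indicators come from the report; %AppData% is assumed to expand to \Users\<user>\AppData\Roaming, as it does on the Windows 7 image the sample was run on.

```python
"""Match host and network telemetry against the XWorm indicators above.

Added example, not part of the sandbox report. EVENTS below are constructed
to look like Sysmon records and are not telemetry from this detonation. The
C2, install file and SHA256 come from the report; %AppData% is assumed to
expand to <drive>:\\Users\\<user>\\AppData\\Roaming (Windows Vista and later).
"""

C2 = ("172.94.32.98", 7600)            # extracted config: C2 host:port
INSTALL_FILE = "usb.exe"               # extracted config: install_file
SAMPLE_SHA256 = "e9a7cd4800b26c3a79f0595ee797afdaa43d39307cc203a555e3265365977347"


def is_in_appdata_roaming(path):
    """True for <drive>:\\Users\\<user>\\AppData\\Roaming\\<file>, i.e. a file
    written directly into the expanded %AppData% directory."""
    parts = [p.lower() for p in path.replace("/", "\\").split("\\") if p]
    return (len(parts) == 6
            and parts[1] == "users"
            and parts[3] == "appdata"
            and parts[4] == "roaming")


def parse_hashes(field):
    """Sysmon 'Hashes' field ('MD5=...,SHA256=...') -> {ALGO: lowercase hex}."""
    out = {}
    for item in field.split(","):
        algo, _, value = item.partition("=")
        if value:
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_event(ev):
    """Return the indicator names this event hits (empty list if none)."""
    hits = []
    if ev.get("EventID") == 11:
        target = ev.get("TargetFilename", "")
        name = target.rsplit("\\", 1)[-1].lower()
        # Same file name elsewhere on disk is not the XWorm install artefact.
        if name == INSTALL_FILE and is_in_appdata_roaming(target):
            hits.append("xworm_install_file_in_appdata")
    elif ev.get("EventID") == 3:
        if ev.get("DestinationIp") == C2[0]:
            if int(ev.get("DestinationPort", 0)) == C2[1]:
                hits.append("xworm_c2_connection")
            else:
                # Same host on another port: worth a look, lower confidence.
                hits.append("c2_host_other_port")
    if parse_hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
        hits.append("known_sample_sha256")
    return hits


def scan(events):
    """Return (index, hits) for every event that matches at least one indicator."""
    return [(i, hits) for i, ev in enumerate(events) if (hits := match_event(ev))]


# Constructed sample telemetry (not from the real detonation).
EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "Hashes": "MD5=4cbd2f5201ad48eee23285fa5bd1b0db,"
               "SHA256=E9A7CD4800B26C3A79F0595EE797AFDAA43D39307CC203A555E3265365977347"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\USB.exe"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Program Files\Vendor\USB.exe"},          # same name, wrong place
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\USB.exe",
     "DestinationIp": "172.94.32.98", "DestinationPort": "7600"},
    {"EventID": 3, "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "DestinationIp": "172.94.32.98", "DestinationPort": "443"},     # same host, other port
]

if __name__ == "__main__":
    for index, hits in scan(EVENTS):
        print(f"event {index}: {', '.join(hits)}")
```

The path check is deliberately strict (exactly one component below Roaming) so that a vendor's USB.exe elsewhere on disk does not fire; the hash check is case-insensitive because Sysmon emits upper-case hex while the report prints lower-case.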
Signatures
- Detect Xworm Payload (1 IoC): yara_rule family_xworm matched resource "sample"
- Detects Windows executables referencing non-Windows User-Agents (1 IoC): yara_rule INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA matched resource "sample"
- Xworm family
- Unsigned PE (1 IoC): checks for missing Authenticode signature; resource 2024-07-01_4cbd2f5201ad48eee23285fa5bd1b0db_hiddentear
Files
2024-07-01_4cbd2f5201ad48eee23285fa5bd1b0db_hiddentear.exe (windows:4 windows x86 arch:x86)
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744. The native import table holds only mscoree!_CorExeMain, so this is the generic .NET imphash shared by practically every managed executable; it has no clustering value for this sample.
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
  mscoree: _CorExeMain
Sections
  .text   Size: 62KB, Virtual size: 61KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rsrc   Size: 99KB, Virtual size: 98KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 512B, Virtual size: 12B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
The .rsrc section accounts for roughly 60% of the 162KB file, so for a managed binary with this layout the embedded resources are the first place to look for packed or encrypted data.
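To make the header facts above concrete, here is an added example (not part of the sandbox report) that reconstructs the DllCharacteristics value from the four flag names the report lists, decodes it back, and recomputes the imphash from the single import the report lists using the Mandiant/pefile algorithm. The point it demonstrates is that any managed executable whose only native import is mscoree!_CorExeMain hashes to the same value, which is why the imphash on this page cannot be used to cluster samples. The bit values are taken from the PE/COFF specification; nothing here reads the actual sample.

```python
"""Static-triage helpers for the PE header facts in the report above.

Added example, not part of the sandbox report. It rebuilds the
DllCharacteristics bitmask from the flag names the report lists and recomputes
the imphash from the one import it lists (mscoree!_CorExeMain).
"""
import hashlib

# IMAGE_DLLCHARACTERISTICS_* bit values from the PE/COFF specification.
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0200: "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x0800: "IMAGE_DLLCHARACTERISTICS_NO_BIND",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x2000: "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
NAME_TO_BIT = {name: bit for bit, name in DLL_CHARACTERISTICS.items()}

# The four flags the report lists for this sample.
REPORTED_FLAGS = [
    "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
]


def encode_dll_characteristics(names):
    """Fold flag names into the 16-bit DllCharacteristics field value."""
    value = 0
    for name in names:
        value |= NAME_TO_BIT[name]
    return value


def decode_dll_characteristics(value):
    """Expand a DllCharacteristics value into flag names, lowest bit first."""
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if value & bit]


def imphash(imports):
    """Import hash as computed by pefile/Mandiant.

    imports: (dll, function) pairs in import-table order. The DLL name is
    lowercased and stripped of a .dll/.ocx/.sys extension, the function name
    is lowercased, entries are joined as "dll.func" with commas, then MD5'd.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# A .NET EXE's native import table is exactly this one entry; the CLR
# resolves everything else at run time, so nothing else reaches the imphash.
DOTNET_ONLY_IMPORTS = [("mscoree.dll", "_CorExeMain")]


def is_generic_dotnet_imphash(value):
    """True when an imphash is the one every managed EXE shares."""
    return value == imphash(DOTNET_ONLY_IMPORTS)


if __name__ == "__main__":
    v = encode_dll_characteristics(REPORTED_FLAGS)
    print(f"DllCharacteristics = 0x{v:04X}")
    for name in decode_dll_characteristics(v):
        print("   ", name)
    h = imphash(DOTNET_ONLY_IMPORTS)
    print("imphash:", h, "(generic .NET)" if is_generic_dotnet_imphash(h) else "")
```

Running it prints the value 0x8540 for the four listed flags and the same f34d5f2d4577ed6d9ceec516c1f5a744 that appears in the Files section; swap in any other import list to see how quickly the hash diverges, which is exactly the property that makes it useful for native binaries and useless for .NET ones.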