General
-
Target
CLENT.exe
-
Size
41KB
-
Sample
240428-g834ksac21
-
MD5
be28690cdf6506575c00e0cec6757c66
-
SHA1
13a72c99c837ec405d7861bf8e768a986bb9429e
-
SHA256
22b8c4ed7f497d77701df17eb46149e91521f4ba339ca8383d83d3f99e26986c
-
SHA512
f6bf3455b453766d61c4531a91a86829b277f91dbd9dcffa41fbd37b349ce33dc93a8ffe1f14dcb3927939c8973c90ec24fbdf1d21ff27bbc1be5275be999cee
-
SSDEEP
768:DNreDweeLOoHdSgDdeLRXvgggULJF5PG9pmjD6vOwh53Euzp:D4DweQldSgDI9Xvvg+FI9AjD6vOwjFV
Behavioral task
behavioral1
Sample
CLENT.exe
Resource
win11-20240426-en
Malware Config
Extracted
xworm
5.0
127.0.0.1:29058
tue-jake.gl.at.ply.gg:29058
uLAf44bP3Na3sWni
-
Install_directory
%AppData%
-
install_file
$77client.exe
Targets
-
-
Target
CLENT.exe
-
Size
41KB
-
MD5
be28690cdf6506575c00e0cec6757c66
-
SHA1
13a72c99c837ec405d7861bf8e768a986bb9429e
-
SHA256
22b8c4ed7f497d77701df17eb46149e91521f4ba339ca8383d83d3f99e26986c
-
SHA512
f6bf3455b453766d61c4531a91a86829b277f91dbd9dcffa41fbd37b349ce33dc93a8ffe1f14dcb3927939c8973c90ec24fbdf1d21ff27bbc1be5275be999cee
-
SSDEEP
768:DNreDweeLOoHdSgDdeLRXvgggULJF5PG9pmjD6vOwh53Euzp:D4DweQldSgDI9Xvvg+FI9AjD6vOwjFV
Score10/10-
Detect Xworm Payload
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-