General
-
Target
c4067d965604f4f37a63f298b22cc4d0.exe
-
Size
157KB
-
Sample
230227-la7fkach56
-
MD5
c4067d965604f4f37a63f298b22cc4d0
-
SHA1
325b70cdf286d63934fe34f51dd6da3a8b672081
-
SHA256
6f2e22d541680c151da164b02f916a3d72da0517b2f052f7356d05e8b374690b
-
SHA512
dd7f7c06e2d28c84f901dbe1ee55963342ec60b08fac54e404185b70b0ef10090df797ca72e9adc42d3ba9ed32aa71f344e3f277529c92f43fc82603a5a8e12e
-
SSDEEP
1536:tTP0/lt9ZWAUpysZbALBYoz6M9OvW/CdEB:tTs/lt9rUpysZbAL62OvzdEB
Malware Config
Targets
-
-
Target
c4067d965604f4f37a63f298b22cc4d0.exe
-
Size
157KB
-
MD5
c4067d965604f4f37a63f298b22cc4d0
-
SHA1
325b70cdf286d63934fe34f51dd6da3a8b672081
-
SHA256
6f2e22d541680c151da164b02f916a3d72da0517b2f052f7356d05e8b374690b
-
SHA512
dd7f7c06e2d28c84f901dbe1ee55963342ec60b08fac54e404185b70b0ef10090df797ca72e9adc42d3ba9ed32aa71f344e3f277529c92f43fc82603a5a8e12e
-
SSDEEP
1536:tTP0/lt9ZWAUpysZbALBYoz6M9OvW/CdEB:tTs/lt9rUpysZbAL62OvzdEB
Score10/10-
Xworm
Xworm is a remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-