General

Target: XWorm V3.1.exe
Size: 7.0MB
Sample: 230318-ssv9kseg6t
MD5: e0b3a2c3df9a18ad71e1293a3195cadf
SHA1: f48a0d2c47f1db77457e894d4e72bb3ddd6b0691
SHA256: 7786135b3cd7225c0fd83b1fc05efb702ae015d124326dfb4947d4e2addaab69
SHA512: b2c091d50902ed44f7de80ec84bff8894bee0fce5ac0e53536048ae8d6cfc0c719771dab7ae5f585cd608fe86f50d8c25219faa7daef7720d0f2b557a9af972e
SSDEEP: 196608:Nn1Q6B/XKUDz9NoUXJzUWi7MYjBVvo5/km:N1FlaU/9NZXJZinjB9oxj
Behavioral task: behavioral1
Sample: XWorm V3.1.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted: gozi
Targets

Target: XWorm V3.1.exe
Size: 7.0MB
MD5: e0b3a2c3df9a18ad71e1293a3195cadf
SHA1: f48a0d2c47f1db77457e894d4e72bb3ddd6b0691
SHA256: 7786135b3cd7225c0fd83b1fc05efb702ae015d124326dfb4947d4e2addaab69
SHA512: b2c091d50902ed44f7de80ec84bff8894bee0fce5ac0e53536048ae8d6cfc0c719771dab7ae5f585cd608fe86f50d8c25219faa7daef7720d0f2b557a9af972e
SSDEEP: 196608:Nn1Q6B/XKUDz9NoUXJzUWi7MYjBVvo5/km:N1FlaU/9NZXJZinjB9oxj
Score: 10/10

- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext