General
-
Target
4b9d11ad0a32fd2d76d4d8e9256f13df37b7628df9eb50b21dd11016d0a4ca22.zip
-
Size
39KB
-
Sample
230321-r51jdsde9z
-
MD5
16bd4e9fe11e77ef81b87d735494fb77
-
SHA1
ddb2d1ec74a17feaaef4b4a98ae351f8e1ac9d58
-
SHA256
9a05cdb4522f87a43ecbbd7cf4de4e6ee9d84b114c7d3430ac86891df6836eda
-
SHA512
8efdcc67f785aaedd3136b24f65549fd722045845ec00de747e06c917fa618baef47cf8875148b0fe911876c9ec62934d63f4f2b0315c898d1653e7fde1969f4
-
SSDEEP
768:t+favPdhkSjg0ZcP8IsELo1NaxeTndIIKYCOVwuNbnVTG6a714PmZj:t95g0DIuGxeTndIvYCiXViJ1NZj
Malware Config
Targets
-
-
Target
4b9d11ad0a32fd2d76d4d8e9256f13df37b7628df9eb50b21dd11016d0a4ca22.exe
-
Size
66KB
-
MD5
8682c4dc2e3ae57079e9ada0943b813d
-
SHA1
d855ac963756f24d67297c1c9b94b86d6e5350ba
-
SHA256
4b9d11ad0a32fd2d76d4d8e9256f13df37b7628df9eb50b21dd11016d0a4ca22
-
SHA512
a7eb2a5db32d0b96e0bc761454bf9bc40bde24ff8a6eab52c799d6438c2e64d1b0fb914a75b34256e488f76b9ec7423eea82537a772f599b8e02e8199c8e5ace
-
SSDEEP
1536:Yd077VI2kTksimD7A9sb0sBmaOu8EJSRK:Z9kT5imD7Osb0umaOuxGK
Score10/10-
Xworm
Xworm is a remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-