General
-
Target
Steam Checker V0.1 By Abbadon.exe
-
Size
466KB
-
Sample
230326-xkzdgsbf3y
-
MD5
1191fde33722c3e1aba8711b0983eb98
-
SHA1
8f9a4612b672462aaeb65663cd9b4b8dd16ce345
-
SHA256
25436b650ac4365eac19bbe56d8bfd79045fb437de6f5476254ac96a6d7afb94
-
SHA512
d872b5a8845bd13d90b7c09eb4838d64e3b491b1a92d9a2f91fc7aad696e8cb2cd3ddc4bb07930bdd7be719b001fb39f752f8584c40fac6f6671e9255ec461ad
-
SSDEEP
6144:7t+J2xLKMBCNCc994aCVoYxQOK+GIIIIIIIhIIIIIIIIIIIIIIIU:x+01Bqp99A6b8
Malware Config
Extracted
xworm
considered-arrest.at.ply.gg:19159
-
install_file
USB.exe
Targets
-
-
Target
Steam Checker V0.1 By Abbadon.exe
-
Size
466KB
-
MD5
1191fde33722c3e1aba8711b0983eb98
-
SHA1
8f9a4612b672462aaeb65663cd9b4b8dd16ce345
-
SHA256
25436b650ac4365eac19bbe56d8bfd79045fb437de6f5476254ac96a6d7afb94
-
SHA512
d872b5a8845bd13d90b7c09eb4838d64e3b491b1a92d9a2f91fc7aad696e8cb2cd3ddc4bb07930bdd7be719b001fb39f752f8584c40fac6f6671e9255ec461ad
-
SSDEEP
6144:7t+J2xLKMBCNCc994aCVoYxQOK+GIIIIIIIhIIIIIIIIIIIIIIIU:x+01Bqp99A6b8
Score10/10-
Xworm
Xworm is a remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-