General
Target: mkpub_GRU-6LDC.rar
Size: 120KB
Sample: 231003-qjl87sah4v
MD5: d6ca1b57172b0bfc2f3f810f3d18ce4a
SHA1: 4fc34c465b3bbc4c743f1553ea5935a60da90a8c
SHA256: 389bcd4e3c1447f8e0704c0bd0590ca7d38a00a7cb8088e4cb0f43dc86da4233
SHA512: 34517c34119e044342b2051d2e956925b1595c1f96347a1ca08aa216de578daae4b178a2101a92471789fb97cfa9befaeba1f9ecfc2a48336e2eab90122c0d7a
SSDEEP: 3072:mU/VPOqOYQzg72VXCh6yVxjEpdG/jDN9lxSMWyX7p9xTS:mKOdXgSVShVViG/XjSEJS

Static task: static1

Behavioral task: behavioral1
Sample: GRU-6LDC.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: GRU-6LDC.exe
Resource: win10v2004-20230915-en

Malware Config
Extracted:
xworm
5.0
brightle.ddns.net:7000
jaSa0S2QQOuGarf8
install_file: USB.exe

Targets
Target: GRU-6LDC.exe
Size: 315KB
MD5: 754a0ca3356a8f76909cd9c5c41234d5
SHA1: c3d9d52316b071f0db5ca9cd6999bfc06141795b
SHA256: 740253f7075ea5e09021a78ff868d9c90931210aa12e2da91b60f1ea7380f759
SHA512: d1fdc37b367dd2dba4cb75021299c12c22064b40d48ba6250568727b565e73c7bbe03691bb0b288dc0b588679d6d9408bf7ff7bb60a69b26e41cf69c4c78fbe5
SSDEEP: 6144:K3B4ZXBhCirEL5BH46Zk16P9R8G1jqJ6TVKSK:K3BghvrELPH46ZAKjoQES
Score: 10/10

Signatures:
- Detect Xworm Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext