General
-
Target
NursultanSetup.exe
-
Size
59KB
-
Sample
240125-rgmmmahbc5
-
MD5
68152587ca46bf9974ad4e5a0ac77b47
-
SHA1
5435ae05b1cf0eac83d5635e20a52214432260ef
-
SHA256
972adedc69f159942f3fab6528d80e428066fa8ce297b0be6d4af988185711dc
-
SHA512
7aeb7e4c6c94357061e05cac1530cf922191655679e82c36b7f06c4106b966c1bdd18e86035437c87953fa3c4adc60b021b3bd5859df3b62f9acf12db563b520
-
SSDEEP
1536:Mpfw0K7+wQS4f47Rb0jbtViTqLQr6npOcoqKGQG6:Mpfi7+wQSU+Rb0jbt6MOczTf6
Behavioral task
behavioral1
Sample
NursultanSetup.exe
Resource
win7-20231129-en
Malware Config
Extracted
xworm
-
install_file
USB.exe
-
pastebin_url
https://pastebin.com/raw/mXwT6uNv
Targets
-
-
Target
NursultanSetup.exe
-
Size
59KB
-
MD5
68152587ca46bf9974ad4e5a0ac77b47
-
SHA1
5435ae05b1cf0eac83d5635e20a52214432260ef
-
SHA256
972adedc69f159942f3fab6528d80e428066fa8ce297b0be6d4af988185711dc
-
SHA512
7aeb7e4c6c94357061e05cac1530cf922191655679e82c36b7f06c4106b966c1bdd18e86035437c87953fa3c4adc60b021b3bd5859df3b62f9acf12db563b520
-
SSDEEP
1536:Mpfw0K7+wQS4f47Rb0jbtViTqLQr6npOcoqKGQG6:Mpfi7+wQSU+Rb0jbt6MOczTf6
-
Detect Xworm Payload
-
Checks computer location settings
Reads the country code configured in the registry, most likely used as a geofence to skip execution in certain regions.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
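The extracted configuration and the behavioral signatures above give a small set of indicators a defender can act on: the sample hashes, the XWorm install file name (USB.exe), the Pastebin raw URL used as a dead drop, an external-IP lookup, and a registry read of the configured country code. The script below is an added example written for this page, not part of the sandbox report or of XWorm itself. It takes those indicators verbatim from the report and runs simple detection logic over a few constructed proxy, process-creation and registry log lines. The log line format, the list of IP-lookup hostnames, and the registry value named for the geofence check are assumptions made for the example; only pastebin.com, USB.exe and the hashes come from the report.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the sandbox report above (sample 240125-rgmmmahbc5).
REPORT_HASHES = {
    "md5": "68152587ca46bf9974ad4e5a0ac77b47",
    "sha1": "5435ae05b1cf0eac83d5635e20a52214432260ef",
    "sha256": "972adedc69f159942f3fab6528d80e428066fa8ce297b0be6d4af988185711dc",
}
INSTALL_FILE = "USB.exe"                            # extracted xworm config: install_file
PASTEBIN_URL = "https://pastebin.com/raw/mXwT6uNv"  # extracted xworm config: pastebin_url
DEAD_DROP_HOSTS = {"pastebin.com"}                  # the report only shows pastebin.com

# Assumptions for this example, not taken from the report: typical external-IP
# lookup services, and the registry value a "checks computer location" signature reads.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.amazonaws.com"}
GEO_REGISTRY_VALUE = r"HKCU\Control Panel\International\Geo\Nation"


def hash_bytes(data: bytes) -> dict:
    """Hash a candidate file with the same algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def is_report_sample(data: bytes) -> bool:
    """True only when every listed hash agrees; a lone MD5 match is not enough."""
    return hash_bytes(data) == REPORT_HASHES


# Assumed log format: "<timestamp> <kind> key=value key="value with spaces" ..."
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _parse(line: str):
    _ts, kind, rest = line.split(" ", 2)
    fields = {k: v.strip('"') for k, v in _KV.findall(rest)}
    return kind, fields


def scan_logs(lines):
    """Return (line_no, rule, confidence) for each line matching an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        kind, f = _parse(line)
        if kind == "proxy":
            u = urlparse(f.get("url", ""))
            if u.hostname in DEAD_DROP_HOSTS and u.path.startswith("/raw/"):
                # Exact URL from the config is high confidence; any other raw paste
                # fetched by a workstation is still worth a look.
                conf = "high" if f["url"] == PASTEBIN_URL else "medium"
                hits.append((n, "pastebin_dead_drop", conf))
            elif u.hostname in IP_LOOKUP_HOSTS:
                hits.append((n, "external_ip_lookup", "low"))
        elif kind == "proc":
            image = f.get("image", "").replace("/", "\\").rsplit("\\", 1)[-1]
            if image.lower() == INSTALL_FILE.lower():
                hits.append((n, "xworm_install_file", "high"))
        elif kind == "reg":
            if f.get("value", "").lower() == GEO_REGISTRY_VALUE.lower():
                hits.append((n, "geofence_check", "low"))
    return hits


# Constructed sample log lines (not real telemetry), in the assumed format above.
SAMPLE_LOG = [
    r"2024-01-25T14:02:10Z proc host=ws01 image=C:\Users\bob\Downloads\NursultanSetup.exe parent=explorer.exe",
    r'2024-01-25T14:02:11Z reg host=ws01 op=read value="HKCU\Control Panel\International\Geo\Nation"',
    r"2024-01-25T14:02:12Z proxy host=ws01 url=https://pastebin.com/raw/mXwT6uNv",
    r"2024-01-25T14:02:13Z proxy host=ws01 url=https://api.ipify.org/",
    r"2024-01-25T14:02:15Z proc host=ws01 image=C:\Users\bob\AppData\Roaming\USB.exe parent=NursultanSetup.exe",
    r"2024-01-25T14:03:00Z proxy host=ws02 url=https://www.microsoft.com/",
    r"2024-01-25T14:03:30Z proxy host=ws02 url=https://pastebin.com/raw/abcd1234",
]

if __name__ == "__main__":
    for n, rule, conf in scan_logs(SAMPLE_LOG):
        print(f"line {n}: {rule} ({conf})")
    print("report sample?", is_report_sample(b"not the sample"))
```

The first process line (the installer itself) and the Microsoft request produce no hits, which is the point of keeping negatives in the sample: the rules key on the install file name, the raw-paste pattern and the lookup hosts rather than on any process spawned by the installer. To check a file on disk against the report, pass its bytes to `is_report_sample`; the function requires all three hashes to agree so that a single weak-hash collision cannot produce a match.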