General
-
Target
Vape.exe
-
Size
7.3MB
-
Sample
240212-wek38scd37
-
MD5
30d821e3f24b92090b1bce6724c9128d
-
SHA1
f0d9125615d765fe195344699d025e275992dd51
-
SHA256
62395ab41ce937d63d729857316897a8b492248c2a47417500a66189400e223b
-
SHA512
199d4bf7811d6627213f4196b195c6b7845abb8aae28c22d75099835030a8d6c3ec3a53014ee17853dd3c9c367c8d3ee9551127553655bd81dc144c0b98ca104
-
SSDEEP
196608:yJY/4gmohCSiu0y17vTSnBlXpOR7uRBp0/T:yJY/1mohKu0ypvunBlXYyt0r
Static task
static1
Behavioral task
behavioral1
Sample
Vape.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
xworm
-
Install_directory
%Temp%
-
install_file
microsoftsoftware_sv.exe
-
pastebin_url
https://pastebin.com/raw/aj6A2kvb
Targets
-
-
Target
Vape.exe
-
Score
10/10
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-