General

Target: Loader1.exe
Size: 119KB
Sample: 240213-qxfnkscd82
MD5: 991c63fffe62b6b237cad9203c5ef6eb
SHA1: 36aa371799529fc70bbcc9a645eb15929fa06de2
SHA256: 250eda084776cd02c04ab1dfcffde5555218310351b9c88258f7236df10aeda0
SHA512: b6b76ee6c21c35a4c1f10d33094e7340aef38646baaafcc86eb29385b29e89ebabf2626af3cd53ab115c4ce564c74052d4aa65d270e4a6e54e5e724646d8e432
SSDEEP: 3072:VHlQLfyczsS2sJYnZwGrVYTGX8YhmMa0RYRitL:VHlcfTzD1OnOXGMJgRWi
Static task: static1

Behavioral task: behavioral1
Sample: Loader1.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted family: xworm
C2: expected-identifies.gl.at.ply.gg:28789
Install_directory: %ProgramData%
install_file: svchost.exe
Targets

Target: Loader1.exe
Size: 119KB
Score: 10/10

Signatures:
- Detect Xworm Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)