3fb0f72c1a392523344e24575f9cbfd68da6980c93fb883f4fcf5097aa587d78 | Triage

Sharing

General

Target

XWorm V3.0.exe
Size

12.7MB
Sample

240217-gn6nzace27
MD5

ae32552bced40a6e6a3ac113e2e3c8bd
SHA1

c985dcc696b769a28b5bd755e05a84a34c164e74
SHA256

3fb0f72c1a392523344e24575f9cbfd68da6980c93fb883f4fcf5097aa587d78
SHA512

36d3ba8b7b94b7c86347c890de2c3f88085de72f21bacce44e97c1a8bc145929d7cd25821bf4f973755d8628f0e5eb2885f043dc89a1f3b9a20900546262d356
SSDEEP

393216:IcrS9tCfHAXguucNvPPiaNCh0PDPpGor82MOv1:ZFfglHPZNChcDPpGog/Q

Score

7^/10

Malware Config

Targets

- Target
  
  XWorm V3.0.exe
- Size
  
  12.7MB
- MD5
  
  ae32552bced40a6e6a3ac113e2e3c8bd
- SHA1
  
  c985dcc696b769a28b5bd755e05a84a34c164e74
- SHA256
  
  3fb0f72c1a392523344e24575f9cbfd68da6980c93fb883f4fcf5097aa587d78
- SHA512
  
  36d3ba8b7b94b7c86347c890de2c3f88085de72f21bacce44e97c1a8bc145929d7cd25821bf4f973755d8628f0e5eb2885f043dc89a1f3b9a20900546262d356
- SSDEEP
  
  393216:IcrS9tCfHAXguucNvPPiaNCh0PDPpGor82MOv1:ZFfglHPZNChcDPpGog/Q
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2