General
-
Target
Menu_Injecter.vbs
-
Size
55KB
-
Sample
240328-cvbpysda9v
-
MD5
870aa202d351082cff00a15f66a7f97a
-
SHA1
a1a38e4b2a6c8fc12b2b9d25b28f61f66fce56d0
-
SHA256
f22f608b3f9ddfa9083fa09bc0cc8ea3e527ad6541a375653861d243c87f29a3
-
SHA512
ee9216d358e9a00964062d172b25cd0455928f6e25242e124d19dc9f7f53b4ed0ac1ea59598c8e356cd4f2a4fcd8918ecfea858d8334a55853947b9ce5d2a79a
-
SSDEEP
1536:zax7gR/f8g0+4M3nAXguly7TGnx2Wy0Oz2+VUrDClZ:ex0f8gt4MUaT4q0Oz2+Vl
Static task
static1
Behavioral task
behavioral1
Sample
Menu_Injecter.vbs
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
Menu_Injecter.vbs
Resource
win10v2004-20240226-en
Malware Config
Extracted
xworm
5.0
ujtjGruX910oDXJg
-
Install_directory
%AppData%
-
install_file
XClient.exe
Targets
-
-
Target
Menu_Injecter.vbs
-
Score
10/10
-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-