General
Target: 6.cmd
Size: 280KB
Sample: 240329-dekhlafh7y
MD5: 6993803c1d026adb6de3e6ea61476edc
SHA1: bcf38ca1ef977d7f33e707407144160c65af2e7c
SHA256: 6679c29c3042a2ef6fad6c60efba99570aa0d8ab30e6af2465b9e4011784eab4
SHA512: 77f4101f3bfc687edbbd69dd0698364abbdb0f4cf3583a2037c06086962ce3f3c00e801e7f4e2f63df0620b1cb2b8f72c52c6d29a4f8902b36ebddd7aa954bf4
SSDEEP: 6144:FlP1hU0TBGAwgoEC7W0OwTdjdmgC6zKX97:7thU2wAB4JBDnzA7
Static task: static1
Behavioral task: behavioral1
Sample: 6.cmd
Resource: win7-20231129-en
Malware Config
Extracted
xworm
atomic.ruspyc.top:9049
lC0nl652JtSCtkcd
Targets
-
-
Target
6.cmd
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-