General
-
Target
16325521309.zip
-
Size
326KB
-
Sample
240402-jervkaba7t
-
MD5
8b47e89cea5364c2653cc2046351a70d
-
SHA1
cb2c05727eaa505175a7d453a87842a252899cb3
-
SHA256
6174891a27c2107ba9183e3939eb53edc70fedcff0c73c9aa5f1c07cf984b298
-
SHA512
325bce0904f15fb148adebd6c2224a012a3436fca67e9f160b4c93929099c3bd922415a9bce0ecb7feec5ebbbaa945bc658a71c14bf76d5199568cb24ed28b32
-
SSDEEP
6144:8DkatCTgbugDAlupLpO9B9GqamvJk+ytN57OvYWuB+qaJbUHE8GdVk1XMdi/:2kWCTg602ufkT7Jo56Q4qIbyEVdVqXMa
Static task
static1
Behavioral task
behavioral1
Sample
9e5865fd21de52ffdfed7301c0542693d1a5a066c49dfb197ddce0acab589b7b.exe
Resource
win7-20231129-en
Malware Config
Extracted
xworm
210.246.215.82:7000
-
Install_directory
%ProgramData%
-
install_file
WindowsNT.exe
Targets
-
-
Target
9e5865fd21de52ffdfed7301c0542693d1a5a066c49dfb197ddce0acab589b7b
-
Size
427KB
-
MD5
884939ef6ce29bd82add03e94a61abb9
-
SHA1
ae52176f4928a3bf19513bd95fc4251ba8db5d5a
-
SHA256
9e5865fd21de52ffdfed7301c0542693d1a5a066c49dfb197ddce0acab589b7b
-
SHA512
268b662e74580e948ae73d5d3005e0b9fcfb90c72a0f391bab980c55af0573a1e1082eb5d8b0940f3255d14f8a42901365582b52d9f21032bad125b55b0ea86f
-
SSDEEP
12288:iXQhmNReC7nFPfkhkyDW7AUz29BbOy9Md:ighY57nyNUzcAMM
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-