General
Target: niggaporn.exe
Size: 41KB
Sample: 240402-yw635scc59
MD5: 9908277c09934ed6d7a1c28d74660e8b
SHA1: 59dedbdc5578f630c320901cc2a8792d3b58f2ba
SHA256: d240c6c9ea53026fe9741314303a771cc99f1935a0327d0c583d76702bd86181
SHA512: fc50d120fc0737f60352588bb3afa6e4451b69587ec575ebec2ae6b1147f03c74abbc41dbe27de4fed23749319d5712eb8735dd5a8120f162dff030ece270032
SSDEEP: 768:yiZLEOU7+jFxamqCAr43MpfJF5Pa9p+G6iOwhR3/ub/:yiGr72FItRrtRF49IG6iOwvGT
Malware Config
Extracted
xworm
5.0
welcome-soon.gl.at.ply.gg:12447
Q8nrJ34iVyesbOgf
Install_directory: %AppData%
install_file: $77MicrosoftDefender.exe
Targets
Detect Xworm Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-