General

Target: gsB72LsjeW3OnCXIXNtojNdbm7okSb05AnMAnwKs.zip
Size: 259KB
Sample: 240403-eamb3afa7z
MD5: d3afd759cf24de3a5cf01e3e92a2eef1
SHA1: b6c31d6ec8a11a9b2aa1d264827a83c43d13ec0c
SHA256: e3124c7431ae62c1d0c7e508e318ac091e240cddfe00f768583fa496afa69bf8
SHA512: 1817d2877e02b2f607e6062a566a5db74534bbe9f8cb665fe6158a0cc6d937fc6ae02cffe09d5ccdb8e74473e744a7979238fe54646b98fa99c902bc881abc73
SSDEEP: 6144:mZ4aJLIwzNPufGgWafLnquhnP/6bmlqgVIVvt4npoxm:44a/h/UfLnBhP/6bhVvWoxm

Malware Config

Extracted
xworm
Install_directory: %ProgramData%
install_file: svchost.exe
pastebin_url: https://pastebin.com/raw/z5PQ82wE

Targets

Target: Krampus/23vcD1orbL.exe
Size: 1.3MB
MD5: d48c30f50906d73b06aabec4a3c0ef96
SHA1: 4ed2965e2c48d3e35a3e4e1ea8781d3761de94a5
SHA256: 71015901a4bbe9f7f81a3f899bf7c21ceca2a332e272e31a4d6d2b6b4f71a59f
SHA512: 71eb7ca54f7f1019716c9e5a323d0ffa892a6485fe387044deb9fe431e809bd2f8be5e35f3aba185eb53d437fc63a5a66704815b612e6ea960220610d459265f
SSDEEP: 1536:c/G4iM3eweCmtR8K/ddBNm/LBOK+kAYxQb1biW3+FQxEfOO701d67/fxU9:cOrZ8kyt3AYeb1WRSEfO1vd9

Detect Xworm Payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.