General
-
Target
Client.exe
-
Size
3.1MB
-
Sample
240414-f37ddaec46
-
MD5
a7211537f9c9b39f3b2559fc8aab7072
-
SHA1
e8713eb98dd78867d2e5bcedb0d826c9a4311b68
-
SHA256
b3a60960f5fa90fb89bddd4638c7451f5eff7767d66052f3725d49f3124e6291
-
SHA512
3029cef09335da6e9ff28440f8a06bada0c562a6ea4c096e667cadd1f2f22b909002f1aac704d3b4c6329dea1616c5bae7b2407a9b32a433658a55f820a17ce1
-
SSDEEP
49152:TviI22SsaNYfdPBldt698dBcjH8iRJ65bR3LoGdjTHHB72eh2NT:Tvv22SsaNYfdPBldt6+dBcjH8iRJ67
Behavioral task
behavioral1
Sample
Client.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Client.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: Slave
C2: 140.238.91.110:34353
Mutex: 25ab9d56-6ef2-47d3-99aa-2142fbcd41fa
-
encryption_key
8E710985199C6BF86CCE90DA92448A36E2F45F51
-
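install_name
XWormV5.6.exe
(install file name only; the extracted config identifies the family as quasar 1.4.1, so this string is not a family attribution)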
-
log_directory
WindowsUPDLogs
-
reconnect_delay
3000
-
startup_key
Windows BIOS Update Checker
-
subdirectory
SubDir
Targets
-
-
Target
Client.exe
-
Size
3.1MB
-
MD5
a7211537f9c9b39f3b2559fc8aab7072
-
SHA1
e8713eb98dd78867d2e5bcedb0d826c9a4311b68
-
SHA256
b3a60960f5fa90fb89bddd4638c7451f5eff7767d66052f3725d49f3124e6291
-
SHA512
3029cef09335da6e9ff28440f8a06bada0c562a6ea4c096e667cadd1f2f22b909002f1aac704d3b4c6329dea1616c5bae7b2407a9b32a433658a55f820a17ce1
-
SSDEEP
49152:TviI22SsaNYfdPBldt698dBcjH8iRJ65bR3LoGdjTHHB72eh2NT:Tvv22SsaNYfdPBldt6+dBcjH8iRJ67
Score
1/10
-