General
-
Target
e46d80f1b4a81c1aaafdda010b0db0eca9c0957a1a3990671d583247d33371ff
-
Size
16KB
-
Sample
240419-t3527shc73
-
MD5
c3820a85f18413b82d3f0fa5992d2d5b
-
SHA1
f2c0d39519bc1c5396476b76d4e7b23f5476253f
-
SHA256
e46d80f1b4a81c1aaafdda010b0db0eca9c0957a1a3990671d583247d33371ff
-
SHA512
d1843399af8cf8e08d644eee8f7bd36ec9fe5449f234e619b9d1529c282bfaccaac3b4808f12f7b34d00b937b174c480a6e73af0331261f3848e40eceaeb3626
-
SSDEEP
384:TX5o2P4X1U8FMePOr+VZGVubTEQ7gvEwGDJ/1jrTZu5:TX5nWXRAIUOTEDvEZhtx2
Behavioral task
behavioral1
Sample
fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xworm
3.1
dzn.ddns.net:5552
mT1l25650AkcpwGy
-
Install_directory
%Temp%
-
install_file
USB.exe
Targets
-
Target
fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe
-
Size
34KB
-
MD5
b1277c96cd2cabd50382318e95179713
-
SHA1
5da077cec493cfee0d9ec1905d9882efa8a8d284
-
SHA256
fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11
-
SHA512
4d28ed36ce3d3bbc6d96e4ed76e95604edd10a2eabf60001dcaf611269358e70bebe71a6d2ebfa2a747c3e2feac9e8f3c2f913b3fabdaab2b327c4f46bafd36e
-
SSDEEP
768:/pabA1ZUxNkLACVVickNVFy19JR6aO/hnt:fn2Nk8hcAF49JR6aO/v
Score
10/10
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-