General
-
Target
Uni.bat
-
Size
302KB
-
Sample
240419-tv8hcsha35
-
MD5
0c1a78b83c7ad047158bc1c5fbc8ae3f
-
SHA1
7576726765a96d1ec587021591a593fd832f1f84
-
SHA256
1fac7bae52e9f9ab6ca432c19960012a56b318e8146c5c8e3b13ee48cd0f3d92
-
SHA512
ea5164dd67ef0e290d0bd3aac502295eaa3488d44bd7f21a1b01b2cf1eb5056affcb207ebf160d7389123bf1ff5cb5dc8f83afd45b26446ea9ace3ca2de6faac
-
SSDEEP
6144:NTNutx0XtEktJLSQm6o3Kp/PDDQ9os9zRzj1JCl3Oxa1fYuKORutxQH3W1AN19nv:NXRJo8Vv69f63OwfY7Iutx+3W1ADXdCw
Static task
static1
Behavioral task
behavioral1
Sample
Uni.bat
Resource
win10v2004-20240412-en
Malware Config
Extracted
xworm
147.185.221.18:28789
-
Install_directory
%ProgramData%
-
install_file
USB.exe
Targets
-
-
Target
Uni.bat
-
Score
10/10
-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-