General
Target: f743598ef21ddf538d2e1b77f4df092f7561b2dd9b6da3bab7d962437ee27cb9
Size: 19KB
Sample: 240419-wnsjnscc3s
MD5: 50a4a9328139f38282ab2e4a9b274946
SHA1: edc3068051be6f3124a550f68d0e4c5681d5f6f8
SHA256: f743598ef21ddf538d2e1b77f4df092f7561b2dd9b6da3bab7d962437ee27cb9
SHA512: a5285202e42ef2dd5e6ecc7fd6f255bd50b2127a7905a917b3a1f2e78729fcf72ebef7650fba89799f04e13096014cf549a9d15a5ec63654041e9c2a335fe61c
SSDEEP: 384:GQaUKOdqJMJYHO2g8r6LpkCU7A4V03J6LSxrEkWZ37TV4zVbRydWM5TK+8V:tbKOcY2g8rwl9P0WxEZnViVbk5bC
Behavioral task: behavioral1
Sample: 23a3773834e1dee6c17a05c39425acabec36b8b960861cf6946060278f11ba4d.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 23a3773834e1dee6c17a05c39425acabec36b8b960861cf6946060278f11ba4d.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
xworm
3.1
daddy.zapto.org:7000
4uQ9dfK6gXLVGj0Y
Install_directory: %AppData%
install_file: USB.exe
Targets
Target: 23a3773834e1dee6c17a05c39425acabec36b8b960861cf6946060278f11ba4d.exe
Size: 39KB
MD5: 8295ffe361828fa970c3d0511ce15c81
SHA1: 6721180a732586e36a6eecd1e29c19a6ee25d032
SHA256: 23a3773834e1dee6c17a05c39425acabec36b8b960861cf6946060278f11ba4d
SHA512: 3d19695cc35fcf4169361b36489bf9223234bee6bf2a8dce8250a04c222d0034fb1fe4a549a9a455a7ce92120993c78c07ff162285e7e4f9742ad62c3771d856
SSDEEP: 768:521RKFrNp9cOYtvUCSLXzVm8CEFp9hxX867OChrsv/Jh:/N7DYaC6NFp9XX867OCNMhh
Score: 10/10
Detect Xworm Payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Adds Run key to start application