General
-
Target
WizWorm v4.5.rar
-
Size
35.5MB
-
Sample
240420-15p74abh3s
-
MD5
39ea0b58b88f1e712e08fc8488a79e1d
-
SHA1
ae09f7f5a69d820bfd5d541f9c22a789871fb21b
-
SHA256
d788edd667e47b2e6e47bb063097136e62ea0ab352cd467768c45b5228d026a9
-
SHA512
8bf3f71f88c86b944ff0c538c326e597109c35ce1f7429cdc0e46aeaaaf3997c630827d5c5a2ac47699f9d446bd491e5aaa3dc5444ecf0081262765761b60417
-
SSDEEP
786432:qsMW88vhtCTZjRQGmiT9lbBHyQLlLXrGKGe8y9ZzBanYpbwBbC1PPpyQGsfmF:UWXGRTfbBH1xqI9NBan2bwBm1npHGs+F
Static task
static1
Behavioral task
behavioral1
Sample
WizWorm v4.5.rar
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
WizWorm v4.5.rar
Resource
win10v2004-20240412-en
Malware Config
Extracted
xworm
redslide-36078.portmap.host:36078
-
Install_directory
%AppData%
-
install_file
USB.exe
Targets
-
-
Target
WizWorm v4.5.rar
-
Score
10/10
-
Detect Xworm Payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-