General

Target: ya.rar
Size: 37KB
Sample: 240420-cmjetsdg43
MD5: 2c69232beb1fbd571fdbdc60c7c576fd
SHA1: e29f2ec7fb06ffc1722cdd98385b5afa6e34c229
SHA256: 8876677144e30af700ffe129854232cc5ef7acdd635646e4e02853d9b6ec7f77
SHA512: 1866a8779e21428063368a1df5f70210f2025254e406f3f32a6261229c6bb8abe99d04e65a670529093230787f184f335e026eeb1e674e36370ffe0403df6e79
SSDEEP: 768:SKQ3od2A3LNvFjLwtJDWoL4IrUeTe3qoJzTfTzbSjBeOwQ4Su1WzOnftONYW:SK+CP3JNjLyDW+rdT1oJTbKoSYWK1HW
Behavioral task: behavioral1
Sample: ya.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: ya.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted family: xworm

C2:
127.0.0.1:23638
209.25.140.1:5525:23638
bring-recorder.gl.at.ply.gg:23638
action-yesterday.gl.at.ply.gg:23638
147.185.221.19:23638
then-wheel.gl.at.ply.gg::23638
then-wheel.gl.at.ply.gg:23638
teen-modes.gl.at.ply.gg:23638

Install_directory: %LocalAppData%
install_file: uwumonster.exe
Targets

Target: ya.exe
Size: 63KB
MD5: 222c2d239f4c8a1d73c736c9cc712807
SHA1: c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c
SHA256: ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d
SHA512: 1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02
SSDEEP: 1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W
Score: 10/10

Signatures:

Detect Xworm Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Drops startup file

Executes dropped EXE

Adds Run key to start application

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.