General
Target: A.exe
Size: 50KB
Sample: 240420-n3ra6agg6x
MD5: a0de54573621a87cd95ce56ce7ab7a43
SHA1: c3d84eddaffcb63943627e4ba00c3c58200e4da3
SHA256: 2fab71d50a3b02c3729bde4f28e489b2346aac1829c467e19284741d34f0cf03
SHA512: 85606cdd15e70a067475f9f4352d98dd054228a56da7c22e69d88c91a8371dbfdbc2bb391c0d4118e4bd7a2e3e28a060887b4c28ba95c76c8757a184fcc7915c
SSDEEP: 1536:Hf05a/CTjuX89IFc9Uy68OMNGadS1EAd8IIA:Hf05a/CTKM9IFc9U4OM9gEA6IIA
Behavioral task
behavioral1
Sample: A.exe
Resource: win7-20240220-en
Malware Config
Extracted
xworm
5.0
85.203.4.127:1474
i1kB13VVw1GEf0Fq
Install_directory: %ProgramData%
install_file: VLC_Media.exe
Targets
-
-
Target
A.exe
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-