General
-
Target
TestRun.exe
-
Size
56KB
-
Sample
240420-s3xkdscd4t
-
MD5
594c098d8e2cf8fc36669b3398b7bd5a
-
SHA1
e0cf7de523b55b53ca5881c35090c5106b2041b8
-
SHA256
06a8d5dde4323a28db52b3932c55c42fa0a9c1c47d4b2a289cf6466b03b3f60b
-
SHA512
a2febefa9cc0d1b80cc49ffb3b50c2552b2727c826b041c26c35ba31c725d2cd580ab7a9f6260a5cbe568f026080fe77f386403573ef206b3c3ae54ec35771bc
-
SSDEEP
768:Up3yq/UiGz5EfnLQRySsQLp+pdVQ3apATb9c5h4uaNvjczO5h5tZ2HI:u3yq/dsu/8oSsIp+LVQbb9bLN6O5rb
Malware Config
Extracted
xworm
uk2.localto.net:37847
-
Install_directory
%ProgramData%
-
install_file
Google.exe
Targets
-
-
Target
TestRun.exe
-
Size
56KB
-
MD5
594c098d8e2cf8fc36669b3398b7bd5a
-
SHA1
e0cf7de523b55b53ca5881c35090c5106b2041b8
-
SHA256
06a8d5dde4323a28db52b3932c55c42fa0a9c1c47d4b2a289cf6466b03b3f60b
-
SHA512
a2febefa9cc0d1b80cc49ffb3b50c2552b2727c826b041c26c35ba31c725d2cd580ab7a9f6260a5cbe568f026080fe77f386403573ef206b3c3ae54ec35771bc
-
SSDEEP
768:Up3yq/UiGz5EfnLQRySsQLp+pdVQ3apATb9c5h4uaNvjczO5h5tZ2HI:u3yq/dsu/8oSsIp+LVQbb9bLN6O5rb
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-