General
- Target: XBinderOutput.exe
- Size: 81KB
- Sample: 240420-stzy6acb2v
- MD5: 6a473a6fbeda2aa9557f5fb7eab5c9c6
- SHA1: eb79bcf494c6cc5852b2439bc7ecdf04adf92b4e
- SHA256: 9f48bafc8116d691886054d64bd81dd84cf5114c84b72eb7ffcf8b9bac4341b4
- SHA512: 8a8fa406029ccd61907ad9cb18d9333c067eea2d81dbe079d658c8e3533e401027de95c1c77afe09b6d55695438e01a6dd677f14b94bb490bad51f959b3e5fbf
- SSDEEP: 1536:IzJVjzYoptrwvJBDrqiYQ9SZxlc9lQPykpl6VPM/qy:kyoptk/qcgc9+aQ6hu
Static task
- static1

Behavioral task
- behavioral1
  Sample: XBinderOutput.exe
  Resource: win7-20240221-en
Malware Config
Extracted
- xworm
- million-houston.gl.at.ply.gg:27705
- Install_directory: %AppData%
- install_file: BloxstrapModded.exe
Targets
- Target: XBinderOutput.exe
- Size: 81KB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
Signatures
- Detect Xworm Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.