General
Target: Output.exe
Size: 98KB
Sample: 240420-sw5x7abf44
MD5: d7557a4322101418a54b3ba0d973bdb1
SHA1: 57ae796673ce3d7d32dc4490f5e331c643aa8228
SHA256: 8f26c490abbe3b76d42635347d83ffa6387888021d4909fcfd63e3dcc25540d2
SHA512: d2118512333b3e72eb1fad020082468b6d67689e104fcb4a0bb455c4870b429eff119987ca87d697398572e022a38949f5d3b75c3fd4c6106057d84ff786d773
SSDEEP: 1536:ijXg7n3OaMrKTV82jTj5I6Ws5SZYSx8fWL5uWQaIK0naap+/l8NXftTOqg:ijw7n+NKTZFPkZvT5uCIak+/l8lfE
Static task: static1
Behavioral task: behavioral1
Sample: Output.exe
Resource: win7-20240220-en
Malware Config
Extracted
xworm
million-houston.gl.at.ply.gg:27705
Install_directory: %AppData%
install_file: BloxstrapModded.exe
Targets
Target: Output.exe
Detect Xworm Payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Executes dropped EXE

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.