General
-
Target
яустал.exe
-
Size
48KB
-
Sample
240427-lygj2sgb29
-
MD5
16fe368751ad7e2e7f74ba17576cce91
-
SHA1
a3cf1698fe673cbf9df7dc539b9af78e3fa99218
-
SHA256
c9173a2ca8507f108284bf0d883dd5f4e00642f28779b33da865f9be0f3f1765
-
SHA512
504b5aaff8217923313d0ea31e83424afd3b250e03624b67b783d23c46ce11e856932bde287bae4cf8d83d32e0bc1d6b705d6e656bbf44fc8363e92d599fa96f
-
SSDEEP
768:ejnKV+3greh5nVK6wvAhOWfapF/9juj67OMhVLBcds4S1EAd8IIS:ej1greXFSAhLeF/96j67OM3KdS1EAd8S
Behavioral task
behavioral1
Sample
яустал.exe
Resource
win7-20240220-en
Malware Config
Extracted
xworm
5.0
court-floral.gl.at.ply.gg:37873
iDpeCVi8LgKLrz4D
-
install_file
USB.exe
Targets
-
-
Target
яустал.exe
-
Size
48KB
-
MD5
16fe368751ad7e2e7f74ba17576cce91
-
SHA1
a3cf1698fe673cbf9df7dc539b9af78e3fa99218
-
SHA256
c9173a2ca8507f108284bf0d883dd5f4e00642f28779b33da865f9be0f3f1765
-
SHA512
504b5aaff8217923313d0ea31e83424afd3b250e03624b67b783d23c46ce11e856932bde287bae4cf8d83d32e0bc1d6b705d6e656bbf44fc8363e92d599fa96f
-
SSDEEP
768:ejnKV+3greh5nVK6wvAhOWfapF/9juj67OMhVLBcds4S1EAd8IIS:ej1greXFSAhLeF/96j67OM3KdS1EAd8S
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-