General
Target: C437rPSQNVzgjPbIKiUZsEqostl9FnPve5mDqEpa.zip
Size: 66.1MB
Sample: 240427-patq9aab85
MD5: 6c6cf43a66079c890cc9dd419efeae4f
SHA1: 9675f1b6460cb16ea766335b83465b358255ee62
SHA256: 8117e22fbace37f3ed1dfdcc6567e655619970990acd0df94bd83996a7bdc957
SHA512: 1896eb26337ea92ee931a26c5d13e03df77a3a88deb1b5055aca158c3c0f8e74ed535e2790c7ec305335f6bd473c4dacb3cdb4ae1b661601b7f6389271bb4523
SSDEEP: 1572864:mJVa7OvQzyw/liz3XkU+G7Ayf7EfuqDDadM14ygCzEg6ZS80h//:tOvQzywEzX55fksCAgsS8a//
Behavioral task: behavioral1
Sample: C437rPSQNVzgjPbIKiUZsEqostl9FnPve5mDqEpa.zip
Resource: win11-20240426-en
Malware Config
Extracted: xworm
Install_directory: %ProgramData%
install_file: svchost.exe
pastebin_url: https://pastebin.com/raw/z5PQ82wE
Targets
Target: C437rPSQNVzgjPbIKiUZsEqostl9FnPve5mDqEpa.zip
Size: 66.1MB
MD5: 6c6cf43a66079c890cc9dd419efeae4f
SHA1: 9675f1b6460cb16ea766335b83465b358255ee62
SHA256: 8117e22fbace37f3ed1dfdcc6567e655619970990acd0df94bd83996a7bdc957
SHA512: 1896eb26337ea92ee931a26c5d13e03df77a3a88deb1b5055aca158c3c0f8e74ed535e2790c7ec305335f6bd473c4dacb3cdb4ae1b661601b7f6389271bb4523
SSDEEP: 1572864:mJVa7OvQzyw/liz3XkU+G7Ayf7EfuqDDadM14ygCzEg6ZS80h//:tOvQzywEzX55fksCAgsS8a//
Score: 10/10
- Detect Xworm Payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.