General
-
Target
IPstresser.bat
-
Size
104KB
-
Sample
240428-dddzesee72
-
MD5
9961f5a480e3b1f40284111352e26ef9
-
SHA1
d764ca52b356a0dddfa35fe99555be1b5cf2999c
-
SHA256
239bafce9c2a8cffe424e4f48eee9bac08e09ab7423da9ae1e23e8ab27a5f4f4
-
SHA512
7220340e6eeebaa2504d9c5d8f7c171ce10d794fb0c7712c54d6dac95a33b7699e482f891f52c12fdeb0caa055da6fc6e75fd76107b82ce77d8cbfd131762d1a
-
SSDEEP
1536:7nOs1HXZcHbLD8V9u86pOzbpdYU3rKeNHcedVdzng6nFFKdEmgRUGONJtrA:rOsR+bkV9UpOzNd33uehRd7g6FFaqONc
Static task
static1
Behavioral task
behavioral1
Sample
IPstresser.bat
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
IPstresser.bat
Resource
win10v2004-20240419-en
Malware Config
Extracted
xworm
continue-silk.gl.at.ply.gg:58347
127.0.0.1:58347
-
Install_directory
%ProgramData%
-
install_file
svchost.exe
Targets
Score
10/10
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-