General
Target: pinger.bat
Size: 110KB
Sample: 240428-dhfc2sfa3x
MD5: ed3f9ae23e2900529c2389663c7a7f29
SHA1: 5319adb0c33db865eee7877cf5d7a48b815bb21b
SHA256: 7008c81ff751ea039b0c0b3bf5c3fdf01198b8a7a645836560dfbcb1054e0b32
SHA512: cde4f505a6afbe30be1f491c1f62c25f77ffa739e6483cd6d9ce61dd73e58a0cbdace61ba4bbdf7a4715e6caf07cfe3a1659500d10bdde26766d12b211c6b73d
SSDEEP: 3072:OAm2nj93JqYoSmFCL0GSuBqcqjlKepfYb+OdNYDtN:I2nRZqYJm0L0GSNbKep6/ny
Static task: static1
Behavioral task: behavioral1
  Sample: pinger.bat
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: pinger.bat
  Resource: win10v2004-20240419-en
Malware Config
Extracted: xworm
  continue-silk.gl.at.ply.gg:58347
  127.0.0.1:58347
  Install_directory: %AppData%
  install_file: steamwebhelper.exe
Targets
Target: pinger.bat
Size: 110KB
MD5: ed3f9ae23e2900529c2389663c7a7f29
SHA1: 5319adb0c33db865eee7877cf5d7a48b815bb21b
SHA256: 7008c81ff751ea039b0c0b3bf5c3fdf01198b8a7a645836560dfbcb1054e0b32
SHA512: cde4f505a6afbe30be1f491c1f62c25f77ffa739e6483cd6d9ce61dd73e58a0cbdace61ba4bbdf7a4715e6caf07cfe3a1659500d10bdde26766d12b211c6b73d
SSDEEP: 3072:OAm2nj93JqYoSmFCL0GSuBqcqjlKepfYb+OdNYDtN:I2nRZqYJm0L0GSNbKep6/ny
Score: 10/10
Signatures:
Detect Xworm Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Deletes itself
Drops startup file
Executes dropped EXE
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.