General
-
Target
AC 3.exe
-
Size
90KB
-
Sample
240428-mcdfyadg3s
-
MD5
676fbfb0698d8105b708e7fc902ec3ff
-
SHA1
1077cc7de056b570a2e117880884fddd8dcd5023
-
SHA256
e131f44ff3131bd01316cc0d99a0f36c3116adab6f0354ade58678a644c736bb
-
SHA512
0e052dfb608231b39a072f38ac169d6efafaac48b21101af13f5b2ac3b341ee83f5d7a50a36a598f01e2220b4799f00167a897487bc9db68badf27479743a07c
-
SSDEEP
1536:z3W5cwWRxDRuqJLOR4hvIFw9bdX0fT2to3/03JzTN6msCOlMe+DE56:z97DYsYAvGw9bdS2c/05z+COlb+Dc6
Behavioral task
behavioral1
Sample
AC 3.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
AC 3.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
xworm
artist-forum.gl.at.ply.gg:38847
-
Install_directory
%AppData%
-
install_file
XClient.exe
Targets
-
-
Target
AC 3.exe
-
Size
90KB
-
MD5
676fbfb0698d8105b708e7fc902ec3ff
-
SHA1
1077cc7de056b570a2e117880884fddd8dcd5023
-
SHA256
e131f44ff3131bd01316cc0d99a0f36c3116adab6f0354ade58678a644c736bb
-
SHA512
0e052dfb608231b39a072f38ac169d6efafaac48b21101af13f5b2ac3b341ee83f5d7a50a36a598f01e2220b4799f00167a897487bc9db68badf27479743a07c
-
SSDEEP
1536:z3W5cwWRxDRuqJLOR4hvIFw9bdX0fT2to3/03JzTN6msCOlMe+DE56:z97DYsYAvGw9bdS2c/05z+COlb+Dc6
Score10/10-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-