General
-
Target
System.exe
-
Size
76KB
-
Sample
240429-azb56sdd6z
-
MD5
926f40028aab7e451391a2f0a1f19878
-
SHA1
3154d7a394ab28b112813e1e2da05571d5f73610
-
SHA256
c9616db331e3194dce2010d0ee4be7525b83e5761dad9af507035e9a3ef89a8e
-
SHA512
ed7ef5b89abfe6dfe68e7c365ae4a5925a57e3a470f64714a6614f1ca80746e70ef73bbb2fef56d8ee3123c4066acc5678c7dc629995f42178a65d53cf3ac18f
-
SSDEEP
1536:eryUJOfxZ+3NZuLtK4q5KKI+bsjI3Bb9J6rJMtOGGL8LnV:Qyk9YxaXI+bsUgSOGGL8bV
Behavioral task
behavioral1
Sample
System.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
System.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
xworm
127.0.0.1:51984
distribution-devoted.gl.at.ply.gg:51984
-
Install_directory
%Public%
-
install_file
System.exe
Extracted
umbral
https://discord.com/api/webhooks/1234290044433465374/GpPW-XGmfNZwg5e2f01EG2PFFPvogLtW7nThGaKgRHlCFk37428m1sT_iMF8jegOqr27
Targets
-
-
Target
System.exe
-
Size
76KB
-
MD5
926f40028aab7e451391a2f0a1f19878
-
SHA1
3154d7a394ab28b112813e1e2da05571d5f73610
-
SHA256
c9616db331e3194dce2010d0ee4be7525b83e5761dad9af507035e9a3ef89a8e
-
SHA512
ed7ef5b89abfe6dfe68e7c365ae4a5925a57e3a470f64714a6614f1ca80746e70ef73bbb2fef56d8ee3123c4066acc5678c7dc629995f42178a65d53cf3ac18f
-
SSDEEP
1536:eryUJOfxZ+3NZuLtK4q5KKI+bsjI3Bb9J6rJMtOGGL8LnV:Qyk9YxaXI+bsUgSOGGL8bV
-
Detect Umbral payload
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-