General
Target: Output.exe
Size: 16.0MB
Sample: 240429-qkd9zsbg9t
MD5: 1e0ddb44c2bb2d9940651433eb92c86d
SHA1: 7760a9728ccfdd144734d989cf9c6fdcaebb259f
SHA256: e64455f4b8e898c1ebaf666344c0608bb344ca101126f543484ce2fc93cdc181
SHA512: ae3aa92c417bce571d78ce886c2bb8d13927ee0d0a6c8a814025f785a19093adec1530ec357b03e94078ee2610ba862e322e9119835f9b7063bb40698bf47d8b
SSDEEP: 393216:pbymzsEp/VTTuTP4xhWRmQzQ3kwb9KmgwnqzKu8O+S1yjg/t:p2+sW/ZTujt9zQUwb93uAbE
Static task: static1
Behavioral task: behavioral1 (Sample: Output.exe, Resource: win10v2004-20240226-en)
Behavioral task: behavioral2 (Sample: Output.exe, Resource: win11-20240419-en)
Malware Config
Extracted: xworm
C2: 19.ip.gl.ply.gg:38173
Install_directory: %Userprofile%
install_file: Gorillatag client.exe
Targets
Target: Output.exe
Signatures
- Detect Xworm Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
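The extracted configuration and the behavioural signatures above map directly onto host and network hunt logic: the Run key and Startup-folder persistence, the install path under %Userprofile%, the hard-coded C2 host and port, and the sample hash. The following Python is an added example written for this page; it is not sandbox output and not XWorm code. The user profile path, the log line format, the Run-key export, the file listing and the log lines are all constructed, and treating every other *.ply.gg destination as a tunnel indicator is an assumption about the hosting service behind the C2 hostname, not something the report states.

```python
"""Offline hunt for the indicators in this report (added example, not
part of the sandbox output). All inputs below are constructed."""
import hashlib
import re

# Indicators copied from the report's config and hash sections.
C2_HOST = "19.ip.gl.ply.gg"
C2_PORT = 38173
INSTALL_FILE = "Gorillatag client.exe"
SAMPLE_SHA256 = "e64455f4b8e898c1ebaf666344c0608bb344ca101126f543484ce2fc93cdc181"

# Assumed profile of the host being checked (hypothetical user).
USERPROFILE = r"C:\Users\alice"
STARTUP_DIR = USERPROFILE + r"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
EXPECTED_INSTALL = "%Userprofile%\\" + INSTALL_FILE


def expand_profile(path):
    """Expand %Userprofile% case-insensitively, as the config spells it."""
    return re.sub(r"%userprofile%", lambda _m: USERPROFILE, path, flags=re.I)


def _norm(path):
    """Strip surrounding quotes, expand the profile variable, lower-case."""
    return expand_profile(path.strip().strip('"')).lower()


def find_run_key_persistence(run_values):
    """run_values maps Run-key value names to their command lines.
    Returns the names whose target is the install file in the profile dir."""
    expected = _norm(EXPECTED_INSTALL)
    return [name for name, cmd in run_values.items() if _norm(cmd).startswith(expected)]


def find_startup_drops(file_paths):
    """Flag executable or shortcut files dropped into the Startup folder."""
    prefix = STARTUP_DIR.lower() + "\\"
    exts = (".exe", ".lnk", ".bat", ".vbs", ".ps1")
    return [p for p in file_paths if _norm(p).startswith(prefix) and _norm(p).endswith(exts)]


# Constructed log format: "<timestamp> dst=<host>:<port> proc=<image name>".
LOG_RE = re.compile(r"dst=(?P<host>[^:\s]+):(?P<port>\d+)\s+proc=(?P<proc>.+)$")


def find_c2_connections(log_lines):
    """Return (host, port, process, reason) for connections to the configured
    C2. Any other *.ply.gg destination is reported as 'tunnel', on the
    assumption that the C2 hostname belongs to a public tunnelling service."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        host, port, proc = m["host"].lower(), int(m["port"]), m["proc"].strip()
        if host == C2_HOST and port == C2_PORT:
            hits.append((host, port, proc, "c2"))
        elif host.endswith(".ply.gg"):
            hits.append((host, port, proc, "tunnel"))
    return hits


def matches_sample(data):
    """True if the bytes hash to the SHA256 recorded in the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed inputs standing in for a Run-key export, a file listing and a
# connection log from an infected host.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Gorillatag client": r'"%Userprofile%\Gorillatag client.exe"',
}
SAMPLE_FILES = [
    r"C:\Users\alice\Gorillatag client.exe",
    r"%Userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gorillatag client.lnk",
    r"C:\Users\alice\Documents\notes.txt",
]
SAMPLE_LOG = [
    "2024-04-29T10:00:01Z dst=19.ip.gl.ply.gg:38173 proc=Gorillatag client.exe",
    "2024-04-29T10:00:02Z dst=ip-lookup.example:443 proc=Gorillatag client.exe",
    "2024-04-29T10:00:03Z dst=update.example.net:443 proc=svchost.exe",
]


def hunt():
    """Run every check over the constructed inputs and return the findings."""
    return {
        "run_keys": find_run_key_persistence(SAMPLE_RUN_VALUES),
        "startup": find_startup_drops(SAMPLE_FILES),
        "network": find_c2_connections(SAMPLE_LOG),
    }


if __name__ == "__main__":
    for kind, findings in hunt().items():
        for f in findings:
            print(f"[{kind}] {f}")
```

Normalising the Run-key data before comparing matters: the value is stored with the literal %Userprofile% string and surrounding quotes, so a naive string match against the expanded path misses it. The port match is deliberate as well; a tunnelling hostname may front many unrelated listeners, so only host plus port identifies this operator's endpoint, while other *.ply.gg hits are worth a look but are not proof of the same campaign.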