General
Target: test.exe
Size: 39KB
Sample: 240511-m8246sdf2t
MD5: 0446595878b2f661f83dd44494b6acb1
SHA1: 5b08a09245a1e865e128d7599030e9048b255557
SHA256: 1c4be8d559c87ecefc43b58b4381d1478780578df7997585493d8d38ab9e960e
SHA512: f1f0bdaf7d13cb82c2bd4360c6454a346fcbe7549bde5d1ed7e7e6e0fb51600b614d3c89e80a521269e6d3ce509a5f82fce211a471d1f3ea5cf1a3a2b6816cfe
SSDEEP: 768:0G7+qmT8ztyh6pwDYvCjpv6hCuuJf27j1fFWPG9/r6OOwhZjObH:DfmT8ztyh6pwDnVwCuuJf4Fv9/r6OOwU
Behavioral task: behavioral1
Sample: test.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: test.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
xworm
5.0
95.26.76.187:25565
b5XhLgxznwjVoTKY
Install_directory: %AppData%
install_file: XClient.exe
Targets
Target: test.exe
Score: 10/10
- Detect Xworm Payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application