General
-
Target
BloxstrapModded-v.2.42.exe
-
Size
84KB
-
Sample
240521-zafvhahd66
-
MD5
f8512ee7348b3330d4d5ff8eb96a0f1b
-
SHA1
72c0437263d4b4375ef19f1ab9335dad6078988a
-
SHA256
4141d90028a8888e081d845e1321d720b39d2a408554f08a6a045c4e7fc7c728
-
SHA512
b8bc9ceabfbd14796b1386d5231046f1928c91a2aef531e55226bf0047bb418b5b20345d3ca2480561712fa499394369696caae7a58c7932e9df4526a2af4217
-
SSDEEP
1536:mWcKNwa2b7bd23uV/nWbxAPKFJZpVPTY8mF69nciMW2QxPSt8d:mWsa2b7bdHV/yqkTHmF6aZS/
Static task
static1
Behavioral task
behavioral1
Sample
BloxstrapModded-v.2.42.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
BloxstrapModded-v.2.42.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
xworm
friend-achievement.gl.at.ply.gg:57584
-
Install_directory
%AppData%
-
install_file
BloxstrapModded.exe
Targets
-
-
Target
BloxstrapModded-v.2.42.exe
-
Size
84KB
-
MD5
f8512ee7348b3330d4d5ff8eb96a0f1b
-
SHA1
72c0437263d4b4375ef19f1ab9335dad6078988a
-
SHA256
4141d90028a8888e081d845e1321d720b39d2a408554f08a6a045c4e7fc7c728
-
SHA512
b8bc9ceabfbd14796b1386d5231046f1928c91a2aef531e55226bf0047bb418b5b20345d3ca2480561712fa499394369696caae7a58c7932e9df4526a2af4217
-
SSDEEP
1536:mWcKNwa2b7bd23uV/nWbxAPKFJZpVPTY8mF69nciMW2QxPSt8d:mWsa2b7bdHV/yqkTHmF6aZS/
Score10/10-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-