General
- Target: xca.exe
- Size: 34KB
- Sample: 240522-pny8wsbe6y
- MD5: cddd357366899c16ac793a9c02a2bc91
- SHA1: 51b94c67865078445f18cd88a9094201925b43cf
- SHA256: 61a40644545efe9ca21ab98829d613af37024cd779126ed55e7fd404912671f4
- SHA512: b6c0a5877cf6d42976819a8545a6f316b44938da10e2a2d383b389a7eeba3a12d4c14dd7198f4c77cf7e0ebf2507f5d66dac62e568a66a6f2622442a7fae0b16
- SSDEEP: 768:3teHgjgARFWlaPMDVMpXgdGlA9Fg9uNO/hrbj:9QERFaaUD+BgdeeFg9uNO/Vv
Malware Config
Extracted
- Family: xworm
- Version: 5.0
- friends-analytical.gl.at.ply.gg:44471
- 1AMdFhkQS1xb2SWs
- Install_directory: %Userprofile%
- install_file: svchost.exe
Targets
- Target: xca.exe
- Detect Xworm Payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE