General
Target: 0x0037000000015f54-11.dat
Size: 40KB
Sample: 240523-vx7jhsad68
MD5: 7ea387ab126b2ecf3365d448a318a433
SHA1: 71b6e05898b68ed72ca95266d6293b225c40b612
SHA256: 573f3d316ed68ea2d4762a657dcc62416b763a8fcd1f99017f02d3ef5c215015
SHA512: 68830f84bf9f0a9e75a999907f7e7d816f89aa745e92078f56f303edadb236e14957e0594290f297fd4c0175ae72be02542cabe974a404fe961b7ab4bf945825
SSDEEP: 768:lNfPMSk3K/EzTb/0X8WuFZ4sJF5PC9O9d968OMhM3/qj:jf05a/CTjS89/Fc9Ud968OMiY
Behavioral task
behavioral1
Sample: 0x0037000000015f54-11.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: xworm
Version: 5.0
C2: 45.141.27.41:7000
9ZF9ZsOZGh1T1r1n
Install_directory: %Public%
install_file: csrss.exe
Targets
Target: 0x0037000000015f54-11.dat
Size: 40KB
- Detect Xworm Payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to discover the infected system's external IP address.
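The behaviours and indicators listed above translate directly into hunting logic. The following is an added example, not part of the sandbox report or of XWorm itself: it runs a handful of checks over constructed Windows telemetry events (process creation, registry reads, network connections, DNS queries). The C2 address, SHA256 and csrss.exe-under-%Public% install path are taken from the report; the Geo\Nation registry key behind the "checks computer location settings" signature, the list of IP lookup hosts, and the event field names are assumptions made for the example.

```python
"""Hunt for the behaviours this XWorm report lists, over constructed telemetry.

Added example; not code from the sandbox report or from the malware.
"""
import re

# Indicators copied from the report.
C2_HOST, C2_PORT = "45.141.27.41", 7000
KNOWN_SHA256 = {
    "573f3d316ed68ea2d4762a657dcc62416b763a8fcd1f99017f02d3ef5c215015",
}

# Add-MpPreference / Set-MpPreference with an -Exclusion* parameter is the
# PowerShell route to the Defender exclusions the report describes.
DEFENDER_EXCLUSION = re.compile(
    r"\b(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)\b",
    re.IGNORECASE | re.DOTALL,
)

# csrss.exe legitimately runs from System32 only; the report shows the
# sample installing under %Public% with that name.
LEGIT_CSRSS_DIRS = {r"c:\windows\system32"}

# Assumption: the "checks computer location settings" signature corresponds
# to a read of the user's Geo\Nation registry value (not stated in the report).
GEO_KEY_FRAGMENT = r"\control panel\international\geo"

# Assumption: a few public IP lookup hosts; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me"}


def check_process(ev):
    """Return (tag, detail) findings for one process-creation event."""
    findings = []
    image = ev.get("image", "")
    directory, _, name = image.lower().rpartition("\\")
    if name == "csrss.exe" and directory not in LEGIT_CSRSS_DIRS:
        findings.append(("masquerade", f"csrss.exe running from {image}"))
    if ev.get("sha256", "").lower() in KNOWN_SHA256:
        findings.append(("known_hash", f"{image} matches the reported XWorm SHA256"))
    m = DEFENDER_EXCLUSION.search(ev.get("command_line", ""))
    if m:
        findings.append(("defender_exclusion",
                         f"{m.group(1)}-MpPreference -Exclusion{m.group(2)} in command line"))
    return findings


def check_registry(ev):
    """Flag reads of the Geo\\Nation key (the assumed geofence lookup)."""
    if ev.get("op") == "read" and GEO_KEY_FRAGMENT in ev.get("key", "").lower():
        return [("geofence_lookup", f"read of {ev['key']}")]
    return []


def check_network(ev):
    """Flag the reported C2 endpoint and DNS lookups of IP-echo services."""
    findings = []
    if ev.get("dst_ip") == C2_HOST and ev.get("dst_port") == C2_PORT:
        findings.append(("c2", f"connection to {C2_HOST}:{C2_PORT}"))
    if ev.get("query", "").lower() in IP_LOOKUP_HOSTS:
        findings.append(("ip_lookup", f"DNS query for {ev['query']}"))
    return findings


CHECKS = {"process": check_process, "registry": check_registry,
          "netconn": check_network, "dns": check_network}


def hunt(events):
    """Run every check over a list of event dicts; return all (tag, detail) hits."""
    results = []
    for ev in events:
        results.extend(CHECKS.get(ev.get("type"), lambda _: [])(ev))
    return results


# Constructed telemetry modelled on the behaviours in the report (not real logs).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\Public\csrss.exe",
     "command_line": r"C:\Users\Public\csrss.exe",
     "sha256": "573f3d316ed68ea2d4762a657dcc62416b763a8fcd1f99017f02d3ef5c215015"},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": 'powershell -NoProfile -Command "Add-MpPreference '
                     '-ExclusionPath C:\\Users\\Public -ExclusionProcess csrss.exe"'},
    {"type": "process", "image": r"C:\Windows\System32\csrss.exe", "command_line": ""},
    {"type": "registry", "key": r"HKCU\Control Panel\International\Geo\Nation", "op": "read"},
    {"type": "netconn", "dst_ip": "45.141.27.41", "dst_port": 7000},
    {"type": "dns", "query": "api.ipify.org"},
    {"type": "netconn", "dst_ip": "8.8.8.8", "dst_port": 53},
]

if __name__ == "__main__":
    for tag, detail in hunt(SAMPLE_EVENTS):
        print(f"[{tag}] {detail}")
```

Two caveats when adapting this to real data: the command-line regex only sees clear text, so a `-EncodedCommand` payload slips past it unless you decode it (or match on PowerShell Script Block Logging, Event ID 4104, which records the decoded script); and an exclusion that has already been added does not show up in process telemetry at all, so pair the hunt with an audit of the live configuration via `Get-MpPreference` (ExclusionPath, ExclusionExtension, ExclusionProcess) on the host.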