General
-
Target
XCliwwent.exe
-
Size
36KB
-
Sample
240524-q66alagd74
-
MD5
47978d37991923fe10c8a2eda94b54e5
-
SHA1
be6a3f5ba728171c75c89eafc306121310b55c13
-
SHA256
6c23a9902ec13708c31b406e9eb377e8d97c8bfcedbc88125e03ec3ffadf5b4b
-
SHA512
0546809daa91d617dbcd079caaa339b436aacb5de92070f5b67c22c582d00639a051187fe0528c85947024a9e5c0bbfdc3371b6432dbb74c692d70c0839f213d
-
SSDEEP
768:B2O/wjF7REa8B/bHh9Q3B7rh/Fu9yIZROfhV/OP:2FVCzHhOx7r5Fu9yMROfKP
Behavioral task
behavioral1
Sample
XCliwwent.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
xworm
3.1
fax-safely.gl.at.ply.gg:61182
SS03BzgRREzhTLGt
-
Install_directory
%LocalAppData%
-
install_file
USB.exe
Targets
-
Target
XCliwwent.exe
-
Score
10/10
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-