General
-
Target
Steam (3).exe
-
Size
787KB
-
Sample
240527-j4467aec77
-
MD5
2330d80ec71accda8181221b2aaa204f
-
SHA1
1f6fd799124e3e599947b60b1054478ad49aa503
-
SHA256
eb0eac20db3f8e71bc53d2527452cf18acb95b7541cdf61c6520d113194f7cc6
-
SHA512
e0d9c136eebb923f0e4a8437b73d44a2613aa62f9b70cca305254a866b3027a04c70185027ce6d5a55ff401557fd50d1687ff3dd11ab6e9e7a803be346e6796b
-
SSDEEP
24576:Wz86IxgoQ2lvi2LV8jTPJ5LuWkUbG2heonbM0gGfcqAWtDToI9AIN:pzLu55LuWksPkonbM0B9ug
Static task
static1
Behavioral task
behavioral1
Sample
Steam (3).exe
Resource
win10-20240404-en
Malware Config
Extracted
xworm
region-vip.gl.at.ply.gg:52733
-
Install_directory
%ProgramData%
-
install_file
Steam.exe
-
telegram
https://api.telegram.org/bot7186793142:AAGFJjLyhOIBEPcbCbAu3hrbmYsgQ5hzhf4/sendMessage?chat_id=5288662132
Targets
-
-
Target
Steam (3).exe
-
Score
10/10
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Adds Run key to start application
-