General
-
Target
0b3b2483858022f5bb12bd3fb10fbf40.bin
-
Size
158KB
-
Sample
240530-bvnh3sae25
-
MD5
0b3b2483858022f5bb12bd3fb10fbf40
-
SHA1
20d502c3846c4f2ef9417b3bbb5083f49f9edfca
-
SHA256
fda822fbe0749e425e59bd4e2272c6bc44638791dd9e9df2373da93977e325ae
-
SHA512
27949fb300fa0e6badb336e06939b68c51400c52ccbe060fae94775a4cb5e883bb7ecb67580137ee0974d9328e8b1c7b9cc18391c923f964e535ae155c482813
-
SSDEEP
3072:An7hJHwidqPCfgttN5P3HQn9bIlO0fS6fO/OfwXscgY:EJQidrfw5vU9bWFS6yg
Behavioral task
behavioral1
Sample
0b3b2483858022f5bb12bd3fb10fbf40.exe
Resource
win7-20240215-en
Malware Config
Targets
-
-
Target
0b3b2483858022f5bb12bd3fb10fbf40.bin
-
Size
158KB
-
MD5
0b3b2483858022f5bb12bd3fb10fbf40
-
SHA1
20d502c3846c4f2ef9417b3bbb5083f49f9edfca
-
SHA256
fda822fbe0749e425e59bd4e2272c6bc44638791dd9e9df2373da93977e325ae
-
SHA512
27949fb300fa0e6badb336e06939b68c51400c52ccbe060fae94775a4cb5e883bb7ecb67580137ee0974d9328e8b1c7b9cc18391c923f964e535ae155c482813
-
SSDEEP
3072:An7hJHwidqPCfgttN5P3HQn9bIlO0fS6fO/OfwXscgY:EJQidrfw5vU9bWFS6yg
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-