General
-
Target
be1243dcd5cd64592aeb2c04d1dcb1a76c101aade618dbf6c33f96704741451e
-
Size
38KB
-
Sample
240530-magqksea31
-
MD5
d77397ab46eb531732629de610dfd019
-
SHA1
7807cda05e71b1dce105d80ec23e40d55077b4d1
-
SHA256
be1243dcd5cd64592aeb2c04d1dcb1a76c101aade618dbf6c33f96704741451e
-
SHA512
f49a1c0a67bf194572c00a51b779364175c72a3d9fe419f599a6108224da266f7731c54feb985cee151a7df61c7fe4a6d2d23ddb9881b1f14c5c060d95b62eff
-
SSDEEP
768:SFtVJhZprPHSECWbLG1KuuuEYEgefFWPC93IQuW6cOMhha9:SFthZpLb3O1KuuPhFJ93eW6cOMLM
Behavioral task
behavioral1
Sample
be1243dcd5cd64592aeb2c04d1dcb1a76c101aade618dbf6c33f96704741451e.exe
Resource
win7-20240508-en
Malware Config
Extracted
xworm
5.0
127.0.0.1:4099
WSW1mmn4FiepKDro
-
Install_directory
%AppData%
-
install_file
XClient.exe
Targets
-
-
Target
be1243dcd5cd64592aeb2c04d1dcb1a76c101aade618dbf6c33f96704741451e
-
Size
38KB
-
MD5
d77397ab46eb531732629de610dfd019
-
SHA1
7807cda05e71b1dce105d80ec23e40d55077b4d1
-
SHA256
be1243dcd5cd64592aeb2c04d1dcb1a76c101aade618dbf6c33f96704741451e
-
SHA512
f49a1c0a67bf194572c00a51b779364175c72a3d9fe419f599a6108224da266f7731c54feb985cee151a7df61c7fe4a6d2d23ddb9881b1f14c5c060d95b62eff
-
SSDEEP
768:SFtVJhZprPHSECWbLG1KuuuEYEgefFWPC93IQuW6cOMhha9:SFthZpLb3O1KuuPhFJ93eW6cOMLM
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-