General
-
Target
Injector2.exe
-
Size
327KB
-
Sample
240531-mtzqhaff92
-
MD5
3e1b6c00c152ecd0945df66e71caa4c1
-
SHA1
6b4e5c1646cac905034b740205f6003a73e872dc
-
SHA256
1bee8362e0fffaa161de96775b92a2b6be47e65798251d0bfd4b82d134cfbd89
-
SHA512
82a8682d63cb88e74667b9a4824e8d832aa9116fd8854e9debc0912ce1a5437544db213e363a6cfbf42bd5a1b0ed6ba4f622803759ca66e6ab50c4ad34b4627b
-
SSDEEP
1536:MDW2YGf/GEjNLTkAD5eZZerr+bhsFz08ISAkTO/2jxSZEsFGfFuAYCRAutPsAzAz:MDrYW/rka5Rr+bhsjItGOOj0j
Behavioral task
behavioral1
Sample
Injector2.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
xworm
rat234678235481254.ddns.net:4782
<Xwormmm>:3412
-
Install_directory
%AppData%
-
install_file
Runtime Broker.exe
Targets
-
-
Target
Injector2.exe
-
Size
327KB
-
MD5
3e1b6c00c152ecd0945df66e71caa4c1
-
SHA1
6b4e5c1646cac905034b740205f6003a73e872dc
-
SHA256
1bee8362e0fffaa161de96775b92a2b6be47e65798251d0bfd4b82d134cfbd89
-
SHA512
82a8682d63cb88e74667b9a4824e8d832aa9116fd8854e9debc0912ce1a5437544db213e363a6cfbf42bd5a1b0ed6ba4f622803759ca66e6ab50c4ad34b4627b
-
SSDEEP
1536:MDW2YGf/GEjNLTkAD5eZZerr+bhsFz08ISAkTO/2jxSZEsFGfFuAYCRAutPsAzAz:MDrYW/rka5Rr+bhsjItGOOj0j
Score10/10-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-