General
Target: images (1).jpg
Size: 7KB
Sample: 240531-tgp4vsea72
MD5: 626ca4444b5467a6f7ef0c76390d8326
SHA1: 43b0765303adeaa4aca03dcb1ec7a935bc0b2cd3
SHA256: 0b43d56b3ff8343955f5a0148ae54326b6a7c9dd30d7846e2e2865d8a10c19a1
SHA512: 474c84ce79ae82a88b7947e266cf5e432ce05b747672fa9e165148a653a4eabf60f855ea30a28e31bb605f600644504ec955e0c3623f5ebc5b8ff89651518c76
SSDEEP: 192:KONUduNvPlpM48HIxsBhT2hNV7Y9Glo5WLxtLHpUPP0:/1S4xsBJ2970ILPHV
Static task: static1
Behavioral task: behavioral1 (Sample: images (1).jpg, Resource: win10v2004-20240426-en)
Behavioral task: behavioral2 (Sample: images (1).jpg, Resource: win11-20240508-en)
Malware Config
Extracted: xworm
20.ip.gl.ply.gg:4277
Install_directory: %Userprofile%
install_file: aimware_steam_module.exe
Targets
Score: 10/10
Signatures:
- Detect Xworm Payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.