General
Target: Bloxstrap-v2.5.4.exe
Size: 8.1MB
Sample: 240531-vatddafb38
MD5: 0679c6591330ab2da2475ae9c59f3dd3
SHA1: 4a84f606f89f2efd0bac2ed81cd63261abc0bf70
SHA256: 669d8928c72692d168e5c283fcff37613d98e31267b81d41931651eeed78bb8b
SHA512: d1ab972ef66e6277f13439de27c735b6ced33dc25c7d62faaae5c361f0bcdc63ee955a1c4e6e7aea11e50b0918417c401e1f62ca8f29801adb3c80962d8bbfb9
SSDEEP: 196608:9EFpft/92016gxp6mRbcYCGMcncOcWchner7UAdYZJswJHfXPzbvi+7N:9EG0Eup6qbcYCGMcncOcWchngU7ZJs0/
Static task: static1
Behavioral task: behavioral1
Sample: Bloxstrap-v2.5.4.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
xworm
selected-thongs.gl.at.ply.gg:80
Install_directory: %AppData%
install_file: XClient.exe
Targets
Target: Bloxstrap-v2.5.4.exe
Score: 10/10
Detect Xworm Payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application