General
-
Target
Stand.Launchpad.exe
-
Size
141KB
-
Sample
240531-y8ybrsda42
-
MD5
acf3d7379d3fdd94dc25a5f4fba2b7ca
-
SHA1
473a8720850bcf01de2fa7e9f8bec974fa9ea7a5
-
SHA256
78245f94d0b369843b5aa7d56936ffb1b035bb16a4df863cabdaf3f986081afa
-
SHA512
722baedd9b0cc3d00b2a2743021acb29e31d58013ea47925ec95b6183117bb138cb6cd6b5edafb4b36c96a56a952936acf862d51a9baf7d2678705c43df61479
-
SSDEEP
1536:SFsrxU3GaRSBmnC6CFTBVu3o9xML7rHIhy6PBIx2WpZGCV:uslUDgxBVUWcIy6PaxJ6CV
Static task
static1
Malware Config
Extracted
xworm
5.0
testarosa.duckdns.org:7110
5ZpeoOe6AtQfr6wU
-
Install_directory
%AppData%
-
install_file
Ondrive.exe
Targets
-
-
Target
Stand.Launchpad.exe
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-