General
-
Target
Stand.Launchpad.exe
-
Size
139KB
-
Sample
240531-zc1yfscd61
-
MD5
21c2b6ed573e2af143ca9abbc3e3947c
-
SHA1
65462ec94e7a4f749cc5b81ee24eaa59f45c66c9
-
SHA256
a7caa09c1ee4b7523ff673a2b646ec4e39c3bbe3c59b443a31e362944ac9f4de
-
SHA512
86c56d29b04fb9007e96c3c5fe3bff16eac5974e74105ec12acd3e9f8f68eb34055571ac88ec5a15e9ba3c071d20ea1a1517f16472ba7aab406f03fd100d6db7
-
SSDEEP
1536:6n5Jj8rRLDt0jJAJye62Ng8/rWv5jIySyV0ReTMIwDX+I5XHz12fxWhnbV:ALFrr2XjWRjEReoP112fxWhnbV
Static task
static1
Behavioral task
behavioral1
Sample
Stand.Launchpad.exe
Resource
win11-20240508-en
Malware Config
Extracted
xworm
127.0.0.1:57023
Name1442-57023.portmap.host:57023
-
Install_directory
%Temp%
-
install_file
Stand.exe
Targets
-
Target
Stand.Launchpad.exe
-
Score
10/10
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-