General
-
Target
Stand.Handler.bat
-
Size
478KB
-
Sample
240531-zdasnacd8v
-
MD5
b6de263fec4f04997a869ed7112b8759
-
SHA1
59d43ded2302f76f602e6ea7ae1285b373300f3b
-
SHA256
152c7242abce7287170a4025def239d75c3c294e0710f7073f6bbb25abc31c44
-
SHA512
5237ea099e1bfef0ea6daeb77a78ba45fde4facfc010fb8182568c69f9d67b6eb3bb5a74a51b54a2a89299abbc4b733f01b9ad6e2d36df857c0586a883489533
-
SSDEEP
12288:xQVCDDh3QR1lXysnmEPVyNj00kZfwscx93Zq6rCLooR:xQIDlQRnlLy+0vscTpqPr
Static task
static1
Behavioral task
behavioral1
Sample
Stand.Handler.bat
Resource
win11-20240426-en
Malware Config
Extracted
xworm
127.0.0.1:57023
Name1442-57023.portmap.host:57023
-
Install_directory
%Temp%
-
install_file
Stand.exe
Targets
-
-
Target
Stand.Handler.bat
-
Size
478KB
-
MD5
b6de263fec4f04997a869ed7112b8759
-
SHA1
59d43ded2302f76f602e6ea7ae1285b373300f3b
-
SHA256
152c7242abce7287170a4025def239d75c3c294e0710f7073f6bbb25abc31c44
-
SHA512
5237ea099e1bfef0ea6daeb77a78ba45fde4facfc010fb8182568c69f9d67b6eb3bb5a74a51b54a2a89299abbc4b733f01b9ad6e2d36df857c0586a883489533
-
SSDEEP
12288:xQVCDDh3QR1lXysnmEPVyNj00kZfwscx93Zq6rCLooR:xQIDlQRnlLy+0vscTpqPr
Score10/10-
Detect Xworm Payload
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-