General
-
Target
skibidi.exe
-
Size
39KB
-
Sample
240608-qhkzrabh6y
-
MD5
bb3688445a105073d78ced673e3e5c3a
-
SHA1
87fc0c863b43147f319adc5f77ace30bf9a46177
-
SHA256
dcc4b5a2a10209d280654e18674ee2cbbf775a3aea3be4c2cfaa89e7091de52e
-
SHA512
7e087d18681935068258e00d36a2e1308c3e14eb7617c9fe1d56cd12890414c2f2a03e6f0626faec14c8f87d9f355f4f1577b77910ff9d1ee5262c262f8a015d
-
SSDEEP
768:B9EAZ3FrcogEoBVLQWLFw7aCAAxF5PQ9jd226gOMhU3I4:BXpFr1gE+9Q57BFy9RF6gOMej
Malware Config
Extracted
xworm
5.0
192.168.43.89:7000
gblAQ8uSDpHf0Xxg
-
install_file
USB.exe
Targets
-
-
Target
skibidi.exe
-
Size
39KB
-
MD5
bb3688445a105073d78ced673e3e5c3a
-
SHA1
87fc0c863b43147f319adc5f77ace30bf9a46177
-
SHA256
dcc4b5a2a10209d280654e18674ee2cbbf775a3aea3be4c2cfaa89e7091de52e
-
SHA512
7e087d18681935068258e00d36a2e1308c3e14eb7617c9fe1d56cd12890414c2f2a03e6f0626faec14c8f87d9f355f4f1577b77910ff9d1ee5262c262f8a015d
-
SSDEEP
768:B9EAZ3FrcogEoBVLQWLFw7aCAAxF5PQ9jd226gOMhU3I4:BXpFr1gE+9Q57BFy9RF6gOMej
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-