General
-
Target
Steam Cracked Game.exe
-
Size
342KB
-
Sample
240609-yekhtaec2w
-
MD5
e07737cf61bea17350b57d5e41ace509
-
SHA1
df9a2deac733b5ca5877f9204b56e82538eec838
-
SHA256
838dd21722f8cae52adcb57145a66e34a0607419a8d747442f1398eaf49e3613
-
SHA512
45595657446545b0203c315199a78eeb25a33afded94d612b92bb18297553a568a7d7f66a7927cbcf781c70fc80df28ca6bcf1cc66c48243f50901edd7cfe33c
-
SSDEEP
6144:Itq7bhrSSB+GIIIIIIIhIIIIIIIIIIIIIIIU:RRrq
Behavioral task
behavioral1
Sample
Steam Cracked Game.exe
Resource
win7-20240508-en
Malware Config
Extracted
xworm
5.tcp.eu.ngrok.io:19862
-
Install_directory
%Temp%
-
install_file
USB.exe
Targets
-
-
Target
Steam Cracked Game.exe
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-