General
-
Target
main.v1.exe
-
Size
1.2MB
-
Sample
240621-gsa3vstdpj
-
MD5
dc34a8f3b65df10c070951e4badc0dc4
-
SHA1
cf3f53df78152e416ae517dd09a2d8e874c3cb05
-
SHA256
6666c3ef1bb36779fd6725d4ec308dd4a5a7677931844691d1d3fdba46c3278f
-
SHA512
a52afa789dc5ac42c50a2364c2d9e8138aaee833ac4e266f99473a01412e46fcbfa3351adf538ec023df13234203b90c0b8d3e429155b4515da1210657f9e008
-
SSDEEP
24576:vGjmmvk+tKHCeYhDM/gRZGJ1FkRlqY3Jna5ptgJBXc1mz7MljDBdUaUk/0nF:+6mvoieODMo/GJQoYpantgbv81ck0n
Static task
static1
Behavioral task
behavioral1
Sample
main.v1.exe
Resource
win7-20240611-en
Malware Config
Extracted
xworm
gift-scientists.gl.at.ply.gg:20443
-
Install_directory
%AppData%
-
install_file
scvhost.exe
Targets
-
-
Target
main.v1.exe
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-