General
-
Target
X Image logger beta V5.3.exe
-
Size
281KB
-
Sample
240621-ll13xsydqq
-
MD5
133f3a19d32261097e674ed1bee74cc6
-
SHA1
55b0c7f4cce8cc5c8db8c7024f7a3327b5ec9635
-
SHA256
ef978e1a28ed69260daa1abede6e2b7c2dc70757e16fd7c3a0d20b353ba5fd21
-
SHA512
1e71991df542ccbc1998772544d100163cb4d989302e429a0c487ef811dafbfa4c6fff5ea842dc5df492f82862ba7c0a5eddca93d1a3aaf1e3fb424f1e7595e2
-
SSDEEP
3072:Y++eov7Fz9fZzOjnoRahEe0SzSeXX+pow1X70+OFNXqF0RrssIHtGNXElGRP1L:Ylz9AHhWBTWrsHH8FElg1
Behavioral task
behavioral1
Sample
X Image logger beta V5.3.exe
Resource
win11-20240419-en
Malware Config
Extracted
xworm
5.0
gmt-tamil.gl.at.ply.gg:34742
rP4MOeQc2jhpYogo
-
Install_directory
%Userprofile%
-
install_file
USB.exe
Targets
-
-
Target
X Image logger beta V5.3.exe
-
Score
10/10
-
Detect Xworm Payload
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-