General
Target: stub.bat
Size: 296KB
Sample: 240710-zx92vssdpe
MD5: 907e9fc6911129b0a47c7d86d7f7f9d8
SHA1: 685dfd20c4e49dbb6f6aad11b58c97ab0162e8bc
SHA256: c149c689139cacc133cf0718188cbedc9fe0be449297a71f1c5a18255bdfac2a
SHA512: 07a1239ded8379d48dee4cfef74e9496c090ecc4b8efae0bb26fafbebc58736be0e69f7b9ded184da058e282f0f8a0c69060c60ae8ab870cc1d68aee328713ee
SSDEEP: 6144:PlnR5B5sUMI+nNsj1dh6X+eRMiTF+VFESpcob6SgTMzpbm6j9o88Upt/R8N0ns7:9R5zsUMDsjx4dF6cSQ4BOUD/RE7
Static task: static1
Behavioral task: behavioral1
Sample: stub.bat
Resource: win10v2004-20240709-en
Malware Config
Extracted
xworm
127.0.0.1:48802
those-situation.gl.at.ply.gg:48802
Install_directory: %AppData%
install_file: x4host.exe
Targets
Score: 10/10
- Detect Xworm Payload
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.