Resubmissions
14-08-2024 11:34
240814-npp6yavbpl 1024-07-2024 18:34
240724-w7q5ys1cmr 1024-07-2024 18:33
240724-w7ag7stere 1024-07-2024 18:31
240724-w6jdqa1bqp 1024-07-2024 18:30
240724-w5zdjs1bnm 1024-07-2024 18:30
240724-w5j9matejg 1024-07-2024 18:29
240724-w44lwatdqd 1024-07-2024 18:28
240724-w4nknatdpa 1024-07-2024 18:27
240724-w38t7s1apm 1024-07-2024 18:24
240724-w2jtpazhrm 10General
-
Target
писька чит.exe
-
Size
71KB
-
Sample
240724-w38t7s1apm
-
MD5
ed3794861ddc34b4748ff8081e80cb2b
-
SHA1
e63cf084552f0c2803de0109e3d2fcd3102c4738
-
SHA256
6af19a694c8c3e6860d2555ce16be115c599c3424ec1e01c0bf67acd3298ae0f
-
SHA512
df771b8eecb7e065628c06b8cca9aa7df6dd05bbdba0f85ed34010e264a286a17129289d6ac3e9f87c56152ed7a35302e88ae6643a1bb06c45745cf3d5ea0b03
-
SSDEEP
1536:EYB+O1NIBlJ4wlA0B4GI0b0xEPdB8QlOrIXt6fT+S1va+OuPyGV54:EOgQwlRB4wb0xEFBdMIk+S19OuaGV54
Behavioral task
behavioral1
Sample
писька чит.exe
Resource
win7-20240704-en
Malware Config
Extracted
xworm
main-although.gl.at.ply.gg:30970
-
Install_directory
%AppData%
-
install_file
XClient.exe
Targets
-
-
Target
писька чит.exe
-
Size
71KB
-
MD5
ed3794861ddc34b4748ff8081e80cb2b
-
SHA1
e63cf084552f0c2803de0109e3d2fcd3102c4738
-
SHA256
6af19a694c8c3e6860d2555ce16be115c599c3424ec1e01c0bf67acd3298ae0f
-
SHA512
df771b8eecb7e065628c06b8cca9aa7df6dd05bbdba0f85ed34010e264a286a17129289d6ac3e9f87c56152ed7a35302e88ae6643a1bb06c45745cf3d5ea0b03
-
SSDEEP
1536:EYB+O1NIBlJ4wlA0B4GI0b0xEPdB8QlOrIXt6fT+S1va+OuPyGV54:EOgQwlRB4wb0xEFBdMIk+S19OuaGV54
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-