General
-
Target
robloxcheatloader.bat
-
Size
297KB
-
Sample
241009-g7gtysybnj
-
MD5
615114ba6cad5ad7fe0e28339fbc5e51
-
SHA1
931ac91d80b1d1149aa2603d9583e9282d0f0743
-
SHA256
45b782f056d13bff3c3b4ac821455ee50b7fe7db2a273ade8a6bfa4d14ac3656
-
SHA512
305c3df8806501a72d0db6d5485f0b85cbffb994cc1fb6c57f2587af569d6a364efbf7ae3cf9f59f8dc923ca24a83a3746f7e624c6205a9b623b8db7267095fb
-
SSDEEP
6144:3HSmrJmgKx+Yv/dDTRFK74kVfSmVWYD4lzegex3aZ/SkR:350P6zqmB4lygeEYs
Static task
static1
Behavioral task
behavioral1
Sample
robloxcheatloader.bat
Resource
win7-20240729-en
Malware Config
Extracted
xworm
-
Install_directory
%AppData%
-
install_file
USB.exe
Targets
-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-