General

Target: UNBANSEVER.exe
Size: 759KB
Sample: 241029-1x8dps1cjk
MD5: 30485bfd2d58f3448b9b235a05b9951c
SHA1: 183f316fd6201eba056ccb5a8efdece5df6c8f8c
SHA256: d7ffc0a81cd1bae45ba220a4fcbbae32b10cb2f7449e996bf3c57ee9b7f3c47b
SHA512: 758c110ca487b2195581370fbc3021a35ebfaeffc202deedf84be2c1813de6e5cb43947ee3ee4fb2e57e369897b06bd802065a85a9dbd8138444e8471b6af252
SSDEEP: 12288:Ink7Er1/zPdaGn+SjpV8VnHGM/GCA9KP91jUwMf+VO:U6idxLj8BHGyRx9d3W+VO
Static task: static1
Malware Config

Extracted family: xworm
C2: 185.84.161.64:7000
C2: 45.141.26.194:7000
Install_directory: %ProgramData%
install_file: svchost.exe
Targets
Target: UNBANSEVER.exe, 759KB (hashes as listed under General above)
Signatures:
- Detect Xworm Payload
- Xworm family
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
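As an added example (not part of this sandbox report), the script below turns the extracted config and the behavioural signatures above into an offline triage check: it flags a process named svchost.exe running from anywhere other than the Windows system directories (the report's install path is %ProgramData%\svchost.exe, a masquerade of the legitimate System32 binary), outbound connections to the two extracted C2 endpoints on port 7000, and DNS lookups of public IP-lookup services. The log format, the log lines, the expansion of %ProgramData%, the list of legitimate svchost.exe directories and the list of IP-lookup hosts are all assumptions made for the example; the report names none of them. The hash comparison uses the MD5/SHA1/SHA256 values from the report.

```python
"""Added example: offline IOC/behaviour matcher built from this report's indicators."""
import hashlib
import re

# Indicators taken from the report: C2 endpoints, install location, file hashes.
C2_ENDPOINTS = {("185.84.161.64", 7000), ("45.141.26.194", 7000)}
INSTALL_FILE = "svchost.exe"
FILE_HASHES = {
    "md5": "30485bfd2d58f3448b9b235a05b9951c",
    "sha1": "183f316fd6201eba056ccb5a8efdece5df6c8f8c",
    "sha256": "d7ffc0a81cd1bae45ba220a4fcbbae32b10cb2f7449e996bf3c57ee9b7f3c47b",
}

# Assumptions (not stated in the report): where %ProgramData% expands to, where a
# genuine svchost.exe lives, and which IP-lookup services the sample might query.
PROGRAMDATA = r"C:\ProgramData"
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Constructed key=value log format; values with spaces are double-quoted.
KV_RE = re.compile(r'(\w+)=("(?:[^"]*)"|\S+)')


def parse_event(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def check_process(ev):
    """Flag svchost.exe launched from outside the Windows system directories."""
    image = ev.get("image", "")
    low = image.lower()
    if not low.endswith("\\" + INSTALL_FILE):
        return None
    directory = low.rsplit("\\", 1)[0]
    if directory in LEGIT_SVCHOST_DIRS:
        return None
    note = "matches report install path" if directory == PROGRAMDATA.lower() else "unexpected location"
    return f"{INSTALL_FILE} outside System32/SysWOW64 ({note}): {image}, parent {ev.get('parent', '?')}"


def check_network(ev):
    """Flag connections to the extracted C2 endpoints."""
    try:
        endpoint = (ev.get("dst", ""), int(ev.get("dport", 0)))
    except ValueError:
        return None
    if endpoint in C2_ENDPOINTS:
        return f"connection to XWorm C2 {endpoint[0]}:{endpoint[1]} from {ev.get('image', '?')}"
    return None


def check_dns(ev):
    """Flag lookups of public external-IP services (assumed host list above)."""
    host = ev.get("query", "").lower().rstrip(".")
    if host in IP_LOOKUP_HOSTS:
        return f"external IP lookup via {host} from {ev.get('image', '?')}"
    return None


CHECKS = {"process": check_process, "network": check_network, "dns": check_dns}


def scan(lines):
    """Run every check over the log lines and return the list of findings."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        check = CHECKS.get(ev.get("event"))
        if check:
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


def hash_matches(data):
    """Return which of the report's hashes the given bytes match (empty dict if none)."""
    found = {}
    for alg, expected in FILE_HASHES.items():
        digest = hashlib.new(alg, data, usedforsecurity=False).hexdigest()
        if digest == expected:
            found[alg] = expected
    return found


# Constructed sample log, shaped like a process/network/DNS event feed.
SAMPLE_LOG = r"""
event=process image="C:\Users\bob\Downloads\UNBANSEVER.exe" parent="C:\Windows\explorer.exe"
event=process image="C:\ProgramData\svchost.exe" parent="C:\Users\bob\Downloads\UNBANSEVER.exe"
event=process image="C:\Windows\System32\svchost.exe" parent="C:\Windows\System32\services.exe"
event=network dst=185.84.161.64 dport=7000 image="C:\ProgramData\svchost.exe"
event=network dst=93.184.216.34 dport=443 image="C:\Program Files\Mozilla Firefox\firefox.exe"
event=dns query=api.ipify.org image="C:\ProgramData\svchost.exe"
""".strip().splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("[!]", finding)
```

The C2 and path checks are exact matches and will only catch this build; the svchost.exe-location check is the durable one, since a legitimate svchost.exe never runs from %ProgramData%. Pair the hash check with `hash_matches(open(path, "rb").read())` on a suspect file; the SSDEEP value from the report is for fuzzy matching of repacked variants and is not covered here.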