General
-
Target
X-PROJECT.exe
-
Size
127KB
-
Sample
241029-1xw1ns1anc
-
MD5
967ae47a2ebbc731d6c8b5a92c07f4d9
-
SHA1
5bc6d706c70976c7db73cfc7eb040a9dd6a0d381
-
SHA256
cb30232f405584a8cafc49eb0a44fafa1ef2849d3ebb4281bdad8322258af295
-
SHA512
a393f75acb878e05a5ddc2c2826c84dffd2f7f95cd92a0b0c6ff6048e3a6831dbdc30d0239d7e1a75af50a52272a210dbd368b65c1ff957805178e3682206d32
-
SSDEEP
1536:SvFEDx0o36CRiHNcXasFsdLB74NsK7hoOPHIPILlQTYFWJOIs2cgJFyJy+lDt:SvFE736CUHWTaLu1nZLE/cgJF1+h
Static task
static1
Behavioral task
behavioral1
Sample
X-PROJECT.exe
Resource
win7-20240903-en
Malware Config
Extracted
xworm
185.84.161.64:7000
-
Install_directory
%ProgramData%
-
install_file
svchost.exe
Targets
-
-
Target
X-PROJECT.exe
-
Detect Xworm Payload
-
Xworm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-