General
-
Target
WEAPON BET 100.exe
-
Size
14.4MB
-
Sample
241029-1ybq5azkbx
-
MD5
ec6587965932d9cea6d50b3f8e49f7b7
-
SHA1
38208370466942f3951fa6826c7e542257d76023
-
SHA256
ba927af3496ca0cb71e48e0f402a8b25d59ff78323a0ee82c39a51fbe3d4789b
-
SHA512
3edd2b01c8d703d7adaab8189dfdc377ff9bf093a432aa5b68b3986876071e72834012fcc5b7559cbfa3535145427e6c4ca218cca7710ca2f08be873ee3fb452
-
SSDEEP
393216:hxJ8UAUPC1PHnCTBknPW9m/UeSD4u7ttU:hxmUAUK1PHnmCWsX2t
Static task
static1
Malware Config
Extracted
xworm
185.84.161.64:7000
-
Install_directory
%ProgramData%
-
install_file
svchost.exe
Targets
-
-
Target
WEAPON BET 100.exe
-
Size
14.4MB
-
MD5
ec6587965932d9cea6d50b3f8e49f7b7
-
SHA1
38208370466942f3951fa6826c7e542257d76023
-
SHA256
ba927af3496ca0cb71e48e0f402a8b25d59ff78323a0ee82c39a51fbe3d4789b
-
SHA512
3edd2b01c8d703d7adaab8189dfdc377ff9bf093a432aa5b68b3986876071e72834012fcc5b7559cbfa3535145427e6c4ca218cca7710ca2f08be873ee3fb452
-
SSDEEP
393216:hxJ8UAUPC1PHnCTBknPW9m/UeSD4u7ttU:hxmUAUK1PHnmCWsX2t
-
Detect Xworm Payload
-
Xworm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-