General

Target: 3. ลบประวัติรัน ใส่ไว้ในคอมลูกค้าได้เลย.exe
Size: 88KB
Sample: 241029-1yjfzaskbr
MD5: d5193774c90ba82c65541beadd6c313e
SHA1: 3925fc50ab0c8ce843e08941cb3f418a7eae379b
SHA256: c3673d01d7ccd2a3c7735b8b00b050f731e73af3feb6e5b14bf3689bf89b884c
SHA512: f4a4e24cc173458222a742d00bf461623ab0fba5309d3d275ba93a6840a267c8d460479767f1e637e53a6933d734ce76b7e9f579b7ff3711e582eb4caf8bca54
SSDEEP: 1536:Pm1GBOZ7//G3CFdS313hZsB77buO4MHXpZqVhrcLEuwTnq:PmMq7bFdSF3mXimyV5mEjnq

Static task: static1

Malware Config

Extracted
xworm
185.84.161.64:7000
Install_directory: %ProgramData%
install_file: svchost.exe
Targets
Detect Xworm Payload
Xworm family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.