General
Target: Dekbangtlez.exe
Size: 675KB
Sample: 241029-1yp9hszkcw
MD5: ed8c4275d9e7eb916315fec83f38375f
SHA1: ee3943deb752b8f85124f5d4885a1914ac6e7d61
SHA256: 0dc0610dbac4926a7d3ab442dba98ed1efdea06c7b53b690d1cd2a85e77af3fd
SHA512: c2fdec5c745d8dd71cd586227909c2c6c917fca9e6ffc98bb9d7d82fb6206c545f3dc6cac7f266b074a3e06c7fae447e9516ecc66dc24122d3efa01e428b99d7
SSDEEP: 12288:RtQ/bSl7hk4oSEBOZh0XLiWH/2stVM/Ta5CCoyychTyS8VZmsCj3HvzBLk:xl7h1oScQh0XZH/2Ii2oyFhTyzmsCjXa
Static task
static1

Malware Config
Extracted
Family: xworm
C2: 185.84.161.64:7000
C2: 45.141.26.194:7000
Install_directory: %ProgramData%
install_file: svchost.exe

The extracted config shows the implant installing itself as %ProgramData%\svchost.exe, borrowing the name of the legitimate Windows service host, which lives in %SystemRoot%\System32. A process or file named svchost.exe outside System32/SysWOW64, and any outbound connection to either C2 endpoint on TCP 7000, are the artifacts to hunt for.
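The hunt described above, as an added example (not part of the sandbox report and not XWorm's own code): it reads Sysmon-style process-create (EventID 1) and network-connect (EventID 3) lines, flags a svchost.exe image outside the two legitimate directories, and flags connections to the two C2 endpoints from the extracted config. The event lines, paths and the benign destination are constructed for the demonstration; the log field names (Image, ParentImage, DestinationIp, DestinationPort) follow Sysmon's naming but the format is assumed.

```python
import re
from pathlib import PureWindowsPath

# IOCs taken from the XWorm config extracted on this page.
XWORM_C2 = {("185.84.161.64", 7000), ("45.141.26.194", 7000)}
XWORM_INSTALL_FILE = "svchost.exe"

# Where the real Windows service host lives. A process image named
# svchost.exe anywhere else (here: %ProgramData%) is the masquerade to hunt for.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Matches space-separated Key=Value pairs whose values may contain spaces
# (Windows paths such as "C:\Program Files\...").
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Constructed Sysmon-style events for exercising the hunt; these are not
# telemetry from the sandbox run, and the benign entries are made up.
SAMPLE_EVENTS = [
    r"EventID=1 Image=C:\Windows\System32\svchost.exe ParentImage=C:\Windows\System32\services.exe",
    r"EventID=1 Image=C:\ProgramData\svchost.exe ParentImage=C:\Users\victim\Downloads\Dekbangtlez.exe",
    r"EventID=3 Image=C:\ProgramData\svchost.exe DestinationIp=185.84.161.64 DestinationPort=7000",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=93.184.216.34 DestinationPort=443",
    r"EventID=3 Image=C:\ProgramData\svchost.exe DestinationIp=45.141.26.194 DestinationPort=7000",
]


def parse_event(line: str) -> dict:
    """Turn one Key=Value event line into a dict."""
    return dict(FIELD_RE.findall(line))


def is_masquerading_svchost(image: str) -> bool:
    """True when the image is named svchost.exe but lives outside System32/SysWOW64."""
    p = PureWindowsPath(image)
    if p.name.lower() != XWORM_INSTALL_FILE:
        return False
    return str(p.parent).lower() not in LEGIT_SVCHOST_DIRS


def is_xworm_c2(ip: str, port: str) -> bool:
    """True when the destination matches one of the extracted C2 endpoints."""
    try:
        return (ip, int(port)) in XWORM_C2
    except ValueError:
        return False


def hunt(lines) -> list:
    """Return one finding string per suspicious event, in input order."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        image = ev.get("Image", "")
        if ev.get("EventID") == "1" and is_masquerading_svchost(image):
            findings.append(
                f"masquerading svchost.exe: {image} (parent {ev.get('ParentImage', '?')})"
            )
        elif ev.get("EventID") == "3" and is_xworm_c2(
            ev.get("DestinationIp", ""), ev.get("DestinationPort", "")
        ):
            findings.append(
                f"XWorm C2 connection: {image} -> {ev['DestinationIp']}:{ev['DestinationPort']}"
            )
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events it reports the dropped %ProgramData%\svchost.exe (with Dekbangtlez.exe as parent) and the two C2 connections, and stays silent on the real System32 service host and the unrelated HTTPS connection. The directory allow-list is deliberately exact rather than a substring match so that a path like C:\Windows\System32\foo\svchost.exe is still flagged.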
Targets
Target: Dekbangtlez.exe
Size: 675KB
MD5: ed8c4275d9e7eb916315fec83f38375f
SHA1: ee3943deb752b8f85124f5d4885a1914ac6e7d61
SHA256: 0dc0610dbac4926a7d3ab442dba98ed1efdea06c7b53b690d1cd2a85e77af3fd
SHA512: c2fdec5c745d8dd71cd586227909c2c6c917fca9e6ffc98bb9d7d82fb6206c545f3dc6cac7f266b074a3e06c7fae447e9516ecc66dc24122d3efa01e428b99d7
SSDEEP: 12288:RtQ/bSl7hk4oSEBOZh0XLiWH/2stVM/Ta5CCoyychTyS8VZmsCj3HvzBLk:xl7h1oScQh0XZH/2Ii2oyFhTyzmsCjXa
Signatures
Detect Xworm Payload
Xworm family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.