General
-
Target
BOTTLE_config.exe
-
Size
129KB
-
Sample
241029-1yw23a1aqf
-
MD5
980a7d8044ad13e6b0ba2c61b52e1365
-
SHA1
8ce2cda11a969e97e1aac3579bebc6ff5087d87e
-
SHA256
c77da91c55e49be9d9ce67fe5338f21cafef1c22c22b59f2b4823ae7918e680c
-
SHA512
715ac4ea48e5f7d503b6a202a139b9e02813f7d62dee2457d54c68c28e0540cf9bb5b7131d966758d5e7acd9b341e8f2c2f3888cb3e9f5776b96fa5a94444f95
-
SSDEEP
3072:0pJHCvpAli35r0tjLE2fWT7UIMqcgeS71zfqz6:SKAlq5wtW7Fcg9JLqz
Static task
static1
Behavioral task
behavioral1
Sample
BOTTLE_config.exe
Resource
win10ltsc2021-20241023-en
Malware Config
Extracted
xworm
185.84.161.64:7000
-
Install_directory
%ProgramData%
-
install_file
svchost.exe
Targets
-
-
Target
BOTTLE_config.exe
-
Size
129KB
-
MD5
980a7d8044ad13e6b0ba2c61b52e1365
-
SHA1
8ce2cda11a969e97e1aac3579bebc6ff5087d87e
-
SHA256
c77da91c55e49be9d9ce67fe5338f21cafef1c22c22b59f2b4823ae7918e680c
-
SHA512
715ac4ea48e5f7d503b6a202a139b9e02813f7d62dee2457d54c68c28e0540cf9bb5b7131d966758d5e7acd9b341e8f2c2f3888cb3e9f5776b96fa5a94444f95
-
SSDEEP
3072:0pJHCvpAli35r0tjLE2fWT7UIMqcgeS71zfqz6:SKAlq5wtW7Fcg9JLqz
-
Detect Xworm Payload
-
Xworm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-