General
- Target: FullOption_2.1Xenos.exe
- Size: 4.0MB
- Sample: 241029-z6pghszgjp
- MD5: b764464ce51f73187f506614a94e9203
- SHA1: 69e7f6c422aa7df6c5f6f7cf2d2cdd559239afbb
- SHA256: 9ae862326eec8697ced81adb55e64704dcbe137e967f932518749b2f6458b051
- SHA512: b14e452bf906696721ba1e453848a5be56a57ebe98f5f706bf8f5bb7f9e9b395953977e2c3b97c08d7ac374355f49a49cf5d903b1a0435ebe6888c33518ac614
- SSDEEP: 98304:jhPEqi3eke7TEDTc8WUshRoe3lGbdHjUJeDofmS4xWs:jh8qig7IDYr13whv0O1B
Static task: static1
Malware Config
Extracted: xworm
- 185.84.161.64:7000
- Install_directory: %ProgramData%
- install_file: svchost.exe
Targets
- Target: FullOption_2.1Xenos.exe
- Size: 4.0MB
- Detect Xworm Payload
- Xworm family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.