General
Target: dsdsssss.exe
Size: 188KB
Sample: 241029-zj4mxszbme
MD5: c377741b2f645306ca78ac483f39c46b
SHA1: fb23442e15c2d13906060eef2307d8627cf5fef3
SHA256: f9975d77f8f179038fae4b3270519386b564b239ba1a84d8c63143d34b08e2ed
SHA512: c358e38c01e5d881277c2309a1c984badbb2b5a1cecb3e41d1e8498d83e3e6ad4dd44bf703e51a8f10db4e184528362cf5060a3a80aa13f1e4875660956c0d26
SSDEEP: 3072:ECQRBbNkXyGeBbtk1pAD5OCdqOcriBpYuAM:ECcSidbtBPdh3x
Malware Config
Extracted
xworm
Install_directory: %LocalAppData%
install_file: USB.exe
pastebin_url: https://pastebin.com/raw/H3wFXmEi
Targets
Detect Xworm Payload
Xworm family
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.