General
-
Target
c1d3f338c8c1113b31487a7c1a9aa2bc7656031f117a77eaf95b78859a6d2a52N
-
Size
78KB
-
Sample
241030-1ke7dssarl
-
MD5
f6e8c50ec340112a5af6743fef26caf0
-
SHA1
7f4b761c19a5c04b11f509d8d72cb4baed70851b
-
SHA256
c1d3f338c8c1113b31487a7c1a9aa2bc7656031f117a77eaf95b78859a6d2a52
-
SHA512
c9fb14e0e6e14480577aeb1f3126c7a127fc579fa9ea00fb65c11f0ea3a5d762416ec35b0e5da0aafa8916204c82397a9ba5893b55ed49a94605a7f4310ebfb8
-
SSDEEP
1536:vPjnwJaf6LXBYopc52OzEaSv0FLE7bJDBTPMjxQ6Llpyi7nOpkmHpNO0:vPzwJaf6LXBZA2OzEOF4bJ1kjL5nOpku
Behavioral task
behavioral1
Sample
c1d3f338c8c1113b31487a7c1a9aa2bc7656031f117a77eaf95b78859a6d2a52N.exe
Resource
win7-20240903-en
Malware Config
Extracted
xworm
foreign-olympic.gl.at.ply.gg:21710
147.185.221.23:21710
-
Install_directory
%Userprofile%
-
install_file
USB.exe
-
telegram
https://api.telegram.org/bot7517837255:AAFFYwsM3RAJTfnCWwagMLHeBQRG-F4UScg/sendMessage?chat_id=7538845070
Targets
-
Detect Xworm Payload
-
Xworm family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-