General
-
Target
c678a8f61ccd104336e195e5021a798e85472f50eb36c69663fe06a4e666d4d3N
-
Size
86KB
-
Sample
241031-jqbbysvrbp
-
MD5
1a3dc739a65084d93c9a712ff05cc030
-
SHA1
00c78706bb006a064b5aeadb3519b83b0e33fbdb
-
SHA256
c678a8f61ccd104336e195e5021a798e85472f50eb36c69663fe06a4e666d4d3
-
SHA512
2013594f81fce4539845a9deadf41fc624e96b787b2bdd0fd267f25fdd893661b5b1d44b7f888191a76bc4fc74f499b7cb139a195c18ab7f39cfb703db54a5a6
-
SSDEEP
1536:qz0RohobJavYs7VV1RxApqg5nVJEQb5z/M1CAsVqN56S9tO7wNAx3ZC3Ki:gUoiqVD7AnPb5/p8NJtO7wNA15i
Behavioral task
behavioral1
Sample
c678a8f61ccd104336e195e5021a798e85472f50eb36c69663fe06a4e666d4d3N.exe
Resource
win7-20241010-en
Malware Config
Extracted
xworm
foreign-olympic.gl.at.ply.gg:21710
147.185.221.23:21710
-
Install_directory
%Userprofile%
-
install_file
USB.exe
-
telegram
https://api.telegram.org/bot7517837255:AAFFYwsM3RAJTfnCWwagMLHeBQRG-F4UScg/sendMessage?chat_id=7538845070
Targets
-
Target
c678a8f61ccd104336e195e5021a798e85472f50eb36c69663fe06a4e666d4d3N
-
Detect Xworm Payload
-
Xworm family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-