General
Target: d8c874b2f3101b888c0307a3135326263d65665adf93e5cada122c765a054adc.exe
Size: 158KB
Sample: 241105-eztsfavgjl
MD5: f39aa63640544e201c35e4ecc70f5b6c
SHA1: 6f7cbcf265f9a8160df7e9f5344a377e26da93c1
SHA256: d8c874b2f3101b888c0307a3135326263d65665adf93e5cada122c765a054adc
SHA512: 2ea8ac295d56cb017719eeca9eabc34fd23f724749d83883584d3a639b50ae2245e3eb89467d1621716c3ed54afcd822311c892fa15278b125329d93612ab08a
SSDEEP: 3072:VyQjswuedxx2GFQ5psohfNUshn76Wtve7gRPyXVxj+5OWO8GwmQqoyK+EtY:VyQYOdyIQ5pvhfDn7HvcHC9Gw/ixE
Static task: static1
Behavioral task: behavioral1
Sample: d8c874b2f3101b888c0307a3135326263d65665adf93e5cada122c765a054adc.exe
Resource: win7-20240903-en
Malware Config
Extracted: xworm
xxxx.freedynamicdns.net:1997
Install_directory: %LocalAppData%
install_file: explorer.exe
telegram: https://api.telegram.org/bot7470132733:AAFv29agMHCbkbiHbNHt7LzTib-Els5808o/sendMessage?chat_id=761641337
Targets
Target: d8c874b2f3101b888c0307a3135326263d65665adf93e5cada122c765a054adc.exe
- Detect Xworm Payload
- Xworm family
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.