General
-
Target
XWorm V5.6.rar
-
Size
22.7MB
-
Sample
241111-zrmpdazjfp
-
MD5
bf2914828889b9f53f5dca3d9bda6f17
-
SHA1
7155e7938a6474d637a83c692eb60d34a8c6e94b
-
SHA256
0a10a2d40d0d1af7fe2d6c90e6ec033bebac388c247845459c59a6cb3e1f1350
-
SHA512
304b612339c0698c4ced92672eb559be4bcdfcdf94c16621430d8822939b970ee9491a7686aa36c3e14527bf0137728c57462e5bbc2107aab32bdce2f929727f
-
SSDEEP
393216:ygLv40tO3Q7adTFRWjVzPZQOo4IdenR/XdGmq+j0f2NXPM3Py/ZmZUeoatgiZMdC:yuw0tO3d9zWjVTZQOoSnR/sygONXPaPd
Static task
static1
Behavioral task
behavioral1
Sample
XWorm V5.6.rar
Resource
win7-20241023-en
Malware Config
Targets
-
Detect Xworm Payload
-
Xworm family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-