General
-
Target
c68ed5f218eda55143675dd53c306f2d54e2e5cefe7384a98f389fd10febc755.exe
-
Size
37KB
-
Sample
241202-vgnrgaynen
-
MD5
676ed5d65adaf1ce797d701a2105c68b
-
SHA1
55e1d519067c51f4f37a0cec01d64b4d763e6e7e
-
SHA256
c68ed5f218eda55143675dd53c306f2d54e2e5cefe7384a98f389fd10febc755
-
SHA512
2b0794b3278fe0a3bd668f044cc3c71b0c7757ed0cd3be74bcda71a2e23daad1df9974db6770c5d17c4ccce459d1f0bb505afbd2dc1b0b10e6d274825e72d0fd
-
SSDEEP
768:8u7XSg/KJdyb+Kv+Zh/ZPF5PH9GqHOMhZICQ1f7L:NWrUJK9FN9GYOMoxR7L
Behavioral task
behavioral1
Sample
c68ed5f218eda55143675dd53c306f2d54e2e5cefe7384a98f389fd10febc755.exe
Resource
win7-20240903-en
Malware Config
Extracted
xworm
3.1
127.0.0.1:7000
hrhJrWRRZU41Wc7l
-
Install_directory
%AppData%
-
install_file
USB.exe
Targets
-
-
Target
c68ed5f218eda55143675dd53c306f2d54e2e5cefe7384a98f389fd10febc755.exe
-
Size
37KB
-
MD5
676ed5d65adaf1ce797d701a2105c68b
-
SHA1
55e1d519067c51f4f37a0cec01d64b4d763e6e7e
-
SHA256
c68ed5f218eda55143675dd53c306f2d54e2e5cefe7384a98f389fd10febc755
-
SHA512
2b0794b3278fe0a3bd668f044cc3c71b0c7757ed0cd3be74bcda71a2e23daad1df9974db6770c5d17c4ccce459d1f0bb505afbd2dc1b0b10e6d274825e72d0fd
-
SSDEEP
768:8u7XSg/KJdyb+Kv+Zh/ZPF5PH9GqHOMhZICQ1f7L:NWrUJK9FN9GYOMoxR7L
-
Detect Xworm Payload
-
Xworm family
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-