General
- Target: d57adb24b010d644315933e7030cbdbc.exe
- Size: 68.0MB
- Sample: 241206-rt67ssxpcn
- MD5: d57adb24b010d644315933e7030cbdbc
- SHA1: 6d2c83ce9d75b3e1da11c3fbc1b25fdc3944537b
- SHA256: bc43e925d7b4b74319f6e74e836a96f1997ba404e14ac566cf12a21e9da463db
- SHA512: 62013bbf6803465736c4b2604464a896b6e7f9f712435873de080b7536839e849e7967b767a6f165225312f4bc809d97e824363939c65e7696611088d190e34b
- SSDEEP: 1572864:1Laqinl9atVfhVStFs93Vl7BzSh5fVpg88N5/Tud5AU3G86TQMr:1mveHfhVSTs93Vl7BehhHghzU3Jc
Static task: static1
Behavioral task: behavioral1
- Sample: d57adb24b010d644315933e7030cbdbc.exe
- Resource: win7-20240729-en
Malware Config
Extracted: xworm
- 5.0
- 103.232.55.173:7777
- 6KOgubdg2DSGnIiN
- install_file: USB.exe
- telegram: https://api.telegram.org/bot7898406264:AAEcJvD5oP4JuBuf3i4snVJp7o4fDp7tsuw
Extracted: gurcu
- https://api.telegram.org/bot7898406264:AAEcJvD5oP4JuBuf3i4snVJp7o4fDp7tsuw/sendMessage?chat_id=-1002292872097
Targets
- Target: d57adb24b010d644315933e7030cbdbc.exe
- Detect Xworm Payload
- Gurcu family
- Xworm family
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext