General
-
Target
FatalityCrack.exe
-
Size
74KB
-
Sample
241230-wq65vasldj
-
MD5
44217b6e8f45f82ebffe92321639290b
-
SHA1
6bd7da4585d438bc28d5350b9415b6d73b32e807
-
SHA256
657dcc3378b3dbbd131926612fb00e67683ccbc64dc2d743fce213734804f427
-
SHA512
a68f7f194aadd63dcfad5af49dac4def19748e8fb657ab4cc06b514a1a7a2f5fb42424cb1a54a259987487558f2f2c950a1fd219a59f9b27ef826774ae27e7c8
-
SSDEEP
1536:FNhc3BhmLTzjuReXV2y+bo0QnRr6wDeTJPovOoRnaRxsZP:1cxEWRsV2y+boveoOoRN5
Behavioral task
behavioral1
Sample
FatalityCrack.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xworm
userxmorma-27072.portmap.host:27072
-
Install_directory
%ProgramData%
-
install_file
svchost.exe
-
telegram
https://api.telegram.org/bot8050356849:AAGkujkVbiAoFzC-JTeiZPs5sCb3sdrY2sU/sendMessage?chat_id=8050356849
Targets
Target
FatalityCrack.exe
Score
10/10
-
Detect Xworm Payload
-
Xworm family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Adds Run key to start application
-