General
-
Target
13682a1fb0dda20221b4944e620afbeb6f8462d06e0ad4f51cf7c8822a3bc921.exe
-
Size
9KB
-
Sample
250120-d869fszjhx
-
MD5
4bf929c0bd3608c4c1da02c8d4e96f21
-
SHA1
92e766434ecd47888c2cd10af1f14c1ddb735f22
-
SHA256
13682a1fb0dda20221b4944e620afbeb6f8462d06e0ad4f51cf7c8822a3bc921
-
SHA512
d3e4b3c4509ff788944833bda8f2e10dfbd76a92bd2990b8006f14907b852e33d8bc9ae3320408bed381b58d58828aef6af56abc86291d932681170785277f55
-
SSDEEP
192:kmGhMITEquCA/a1zbhQ5rycbXfrxQNsWkhbv8EFm/Qm:km7rquN/a1zbIryePraXkhIl/T
Malware Config
Extracted
xworm
147.185.221.25:18007
-
Install_directory
%AppData%
-
install_file
svc.exe
-
telegram
https://api.telegram.org/bot7958612105:AAHSNEPMuFgiaNh4WYBmEL8ysE2Ek6JH2i4/sendMessage?chat_id=8093935255
Targets
-
-
Target
13682a1fb0dda20221b4944e620afbeb6f8462d06e0ad4f51cf7c8822a3bc921.exe
-
Size
9KB
-
MD5
4bf929c0bd3608c4c1da02c8d4e96f21
-
SHA1
92e766434ecd47888c2cd10af1f14c1ddb735f22
-
SHA256
13682a1fb0dda20221b4944e620afbeb6f8462d06e0ad4f51cf7c8822a3bc921
-
SHA512
d3e4b3c4509ff788944833bda8f2e10dfbd76a92bd2990b8006f14907b852e33d8bc9ae3320408bed381b58d58828aef6af56abc86291d932681170785277f55
-
SSDEEP
192:kmGhMITEquCA/a1zbhQ5rycbXfrxQNsWkhbv8EFm/Qm:km7rquN/a1zbIryePraXkhIl/T
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-