General
-
Target
Wave.exe
-
Size
136KB
-
Sample
250127-sle9savnfn
-
MD5
babf5baf8e26f479242d28cd7737bfcf
-
SHA1
b76b459b9aedf628363d3d4da27aa56e1d9a80ab
-
SHA256
cc38061ed6436ce90ce74e3a5bb969d26b604fe7b6d45ce2f9e5f1d66d99343e
-
SHA512
74e7f66bbceea33cbffb2b164dbc170bfed4d650edeb59b93223bcb371abb9db9b73ddfb75355181d74ed1e83e66944fed9e73bfd8c2dc93c165b479155957b6
-
SSDEEP
3072:5zn5ndBNLQ/bXf26Oq4o4AODQBwUjWZ6RZLTNwEKWmAMMMVgdxo9p:HNLQ/bWo4AO7M1XCKm
Behavioral task
behavioral1
Sample
Wave.exe
Resource
win7-20240903-en
Malware Config
Extracted
xworm
social-decorative.gl.at.ply.gg:29942
find-soup.gl.at.ply.gg:29942
-
Install_directory
%Temp%
-
install_file
XClient.exe
Targets
-
-
Target
Wave.exe
-
Detect Xworm Payload
-
Xworm family
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-