General

Target: MicrosoftEdge.exe
Size: 3.3MB
Sample: 250304-3qn3latns6
MD5: a06a19515b00d599ecbf2c6d7a2a185a
SHA1: 79c2ebaa97f6a46f6b10929d6c268541a9580aff
SHA256: ff853e1b05a5ce860ea3cc1f6beac04ac7721ca15f30795957fb35333623c76f
SHA512: f1fdba22e8f065e57fcfd468fe1e8afb40bf7e279919084ac32e1f085ef9b3d033e1462fa4295430bee063e9f0d7510899766f23abe3b4cb9121706bd4c9c2c4
SSDEEP: 98304:xx6lXt2M6z/UsjaVs9jZ0WgH8zcinUP2yWkIy8vE:xx6dn6znXjCW1AiUeoaM
Static task: static1
Behavioral task: behavioral1
  Sample: MicrosoftEdge.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: MicrosoftEdge.exe
  Resource: win10v2004-20250217-en
Malware Config

Extracted: xworm
Install_directory: %AppData%
install_file: Microsoft Edge.exe
pastebin_url: https://pastebin.com/raw/zYgpCQBC
telegram: https://api.telegram.org/bot7322335748:AAEr-qkbNoi4AH-VkGzWTsoAJ0Jx3HkKwbk/sendMessage?chat_id=7763830849
Targets

Target: MicrosoftEdge.exe (hashes as listed under General)
Signatures:
- Detect Xworm Payload
- Xworm family
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
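The extracted configuration and the behavioral signatures above give an analyst three durable hunting hooks: the sample hash, a dropped binary named "Microsoft Edge.exe" under %AppData% (the genuine browser executable is msedge.exe under Program Files, so that name outside the Edge install directory is itself a signal), and two C2 endpoints, a pastebin raw URL (XWorm builds commonly fetch their C2 host and port from such a paste) and a Telegram Bot API URL that embeds the bot id, the bot token and the chat_id. The script below is an added example, not part of the sandbox report; it turns those indicators into detection logic and runs it over constructed Sysmon-style events. The indicator values are copied from the report; the event records, the `LEGIT_EDGE_DIRS` list and all function names are assumptions made for the demo.

```python
"""Added example: hunting logic built from the XWorm config in the report above.
Indicator values come from the report; events and install-dir list are assumed."""
import re
from urllib.parse import urlparse, parse_qs

# Indicators taken verbatim from the report (General / Malware Config).
SAMPLE_SHA256 = "ff853e1b05a5ce860ea3cc1f6beac04ac7721ca15f30795957fb35333623c76f"
INSTALL_FILE = "Microsoft Edge.exe"            # dropped copy written to %AppData%
PASTEBIN_URL = "https://pastebin.com/raw/zYgpCQBC"
TELEGRAM_URL = ("https://api.telegram.org/bot7322335748:AAEr-qkbNoi4AH-VkGzWTsoAJ0Jx3HkKwbk"
                "/sendMessage?chat_id=7763830849")

# Assumption for the demo: where a genuine Edge binary (msedge.exe) is installed.
LEGIT_EDGE_DIRS = (
    r"c:\program files\microsoft\edge\application",
    r"c:\program files (x86)\microsoft\edge\application",
)


def parse_telegram_c2(url: str) -> dict:
    """Split a Telegram Bot API URL into bot id, token, method and chat_id.
    The token is a revocable secret; bot id and chat_id survive token rotation
    and are the better long-lived indicators."""
    parsed = urlparse(url)
    m = re.match(r"/bot(\d+):([A-Za-z0-9_-]+)/(\w+)", parsed.path)
    if parsed.netloc != "api.telegram.org" or not m:
        raise ValueError("not a Telegram Bot API URL")
    chat_id = parse_qs(parsed.query).get("chat_id", [None])[0]
    return {"bot_id": m.group(1), "token": m.group(2),
            "method": m.group(3), "chat_id": chat_id}


def is_masquerading_edge(image_path: str) -> bool:
    """True when a process named like Edge runs from outside the browser's install dirs."""
    p = image_path.lower().replace("/", "\\")
    name = p.rsplit("\\", 1)[-1]
    if name not in (INSTALL_FILE.lower(), "msedge.exe"):
        return False
    return not any(p.startswith(d) for d in LEGIT_EDGE_DIRS)


def scan_events(events: list) -> list:
    """Return (rule_name, event_index) pairs for a list of Sysmon-like event dicts.
    Event shape (assumed): {"type": "process"|"dns", "image": str,
                            "sha256": str (process only), "query": str (dns only)}"""
    hits = []
    for i, ev in enumerate(events):
        if ev.get("sha256", "").lower() == SAMPLE_SHA256:
            hits.append(("xworm_sample_sha256", i))
        if ev.get("type") == "process" and is_masquerading_edge(ev["image"]):
            hits.append(("edge_masquerade_outside_install_dir", i))
        if ev.get("type") == "dns":
            host = ev["query"].lower()
            # pastebin.com and api.telegram.org are legitimate services; only treat
            # them as C2 when the querying process is the masquerading binary.
            if host == "pastebin.com" and is_masquerading_edge(ev["image"]):
                hits.append(("xworm_pastebin_c2_lookup", i))
            if host == "api.telegram.org" and is_masquerading_edge(ev["image"]):
                hits.append(("xworm_telegram_notify", i))
    return hits


# Constructed sample telemetry for the demo (not from the report).
# %AppData% expands to C:\Users\<user>\AppData\Roaming on a stock Windows install.
DROPPED = r"C:\Users\victim\AppData\Roaming\Microsoft Edge.exe"
SAMPLE_EVENTS = [
    {"type": "process", "image": DROPPED, "sha256": SAMPLE_SHA256},
    {"type": "process",
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "sha256": "0" * 64},
    {"type": "dns", "image": DROPPED, "query": "pastebin.com"},
    {"type": "dns", "image": DROPPED, "query": "api.telegram.org"},
]

if __name__ == "__main__":
    c2 = parse_telegram_c2(TELEGRAM_URL)
    print("telegram bot id:", c2["bot_id"], "chat_id:", c2["chat_id"])
    for rule, idx in scan_events(SAMPLE_EVENTS):
        print(f"{rule:40s} event[{idx}] {SAMPLE_EVENTS[idx]['image']}")
```

The DNS rules deliberately require the querying image to be the masquerading binary: pastebin.com and api.telegram.org are widely used legitimate services, and alerting on the hostnames alone would be noisy. The bot id and chat_id parsed from the Telegram URL can be matched against proxy logs even after the operator rotates the token.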