General
Target: Seliware.zip
Size: 5.1MB
Sample: 250702-x5ybxsgj9z
MD5: 6c34ff0cbbf89ba4d024738f9c02d2d7
SHA1: ad3b1dc665d47574e0bb609af318853900c0d58c
SHA256: 93b147eb9ab24c2a3db94b7d7b75013f569d60ee55c89ab362daa60205a54a2a
SHA512: 525125885a71592a9f820b99a9bdf3fbd9a920f4fd14e7206a6e06ff7280a801e9494fb054ca4c81878ee152e6c8cf1d44d9fc512b91ce2d9d23a38414788bba
SSDEEP: 98304:Y3Qp7BelX4mUoJK8p5PO+nlZFJd+dNCAcBqFRyBNj3PW4xHSR:YudM4VoJKyPOod+dEBWR2j3pHSR

Malware Config
Extracted: xworm
educational-scores.gl.at.ply.gg:53465
Install_directory: %AppData%
install_file: svchost.exe
telegram: https://api.telegram.org/bot7747512039:AAE82CvJd42E5_bXF5pw1ilKYqA20mlvK44/sendMessage?chat_id=7476312671

Targets
Target: Seliware.zip
Size: 5.1MB
MD5: 6c34ff0cbbf89ba4d024738f9c02d2d7
SHA1: ad3b1dc665d47574e0bb609af318853900c0d58c
SHA256: 93b147eb9ab24c2a3db94b7d7b75013f569d60ee55c89ab362daa60205a54a2a
SHA512: 525125885a71592a9f820b99a9bdf3fbd9a920f4fd14e7206a6e06ff7280a801e9494fb054ca4c81878ee152e6c8cf1d44d9fc512b91ce2d9d23a38414788bba
SSDEEP: 98304:Y3Qp7BelX4mUoJK8p5PO+nlZFJd+dNCAcBqFRyBNj3PW4xHSR:YudM4VoJKyPOod+dEBWR2j3pHSR

- Detect Xworm Payload
- Xworm family
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.