General
Target: 3532r32r23r.exe
Size: 14.6MB
Sample: 240629-rfgpzssbmm
MD5: 6400c47c46b570df48ad0a3be8086987
SHA1: 143f9a486f2f5dbd4acfe14a7040311d57003186
SHA256: 00451dfa1119d2d74b8e4af87a4ef92701531174290f1a1080447ed83e418e41
SHA512: 82882eb93120e98ab868a7286a1a955802697408105ecee5357de07b9d88a4cf5395df7b169ab9bbc0ea2c19de57ed07b9998a9d83c191027056ac8972eb6fb9
SSDEEP: 393216:356DPbRxG7LJkYpZBqAfQrlHzbpfnA5na6kZck8E1mKx8G:qTzGaYZqAfQ9zJnA9U9EzG
Static task: static1
Behavioral task: behavioral1
Sample: 3532r32r23r.exe
Resource: win11-20240611-en
Malware Config
Extracted: xworm
having-turn.gl.at.ply.gg:18080
Install_directory: %AppData%
install_file: windowsservice.exe
Targets
Target: 3532r32r23r.exe (14.6MB; same sample and hashes as listed under General)
- Detect Xworm Payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.