General
-
Target
ggfgfdgdgdfgfdfg.bat
-
Size
19.7MB
-
Sample
240629-rkwdyasckj
-
MD5
a37537e2c33d5788257345c238a3ba8d
-
SHA1
846e41b5e3a5f80cdde2630fb0af9a7db30f6334
-
SHA256
c39bf673cd695b5fbd43a81acf83d7ba3cc3bdced6fcde78a28c690d713d2c15
-
SHA512
5c790608c62d9f393ff3d4cc12f763f0bd0b8d264be63ab95ea3a293ebc8453c05bb9d3b21c715f9cd853a646ae46d1ec741347faf11fc588bb9700d181da532
-
SSDEEP
49152:qcJxf6BAY9wQBHBFVn+GndStbB7hbbtrmRXGXu7ZxgxHKwav6sKyM4qq5gkQY0t9:qK
Static task
static1
Behavioral task
behavioral1
Sample
ggfgfdgdgdfgfdfg.bat
Resource
win11-20240508-en
Malware Config
Extracted
xworm
having-turn.gl.at.ply.gg:18080
-
Install_directory
%AppData%
-
install_file
windowsservice.exe
Targets
-
-
Target
ggfgfdgdgdfgfdfg.bat
-
Size
19.7MB
-
MD5
a37537e2c33d5788257345c238a3ba8d
-
SHA1
846e41b5e3a5f80cdde2630fb0af9a7db30f6334
-
SHA256
c39bf673cd695b5fbd43a81acf83d7ba3cc3bdced6fcde78a28c690d713d2c15
-
SHA512
5c790608c62d9f393ff3d4cc12f763f0bd0b8d264be63ab95ea3a293ebc8453c05bb9d3b21c715f9cd853a646ae46d1ec741347faf11fc588bb9700d181da532
-
SSDEEP
49152:qcJxf6BAY9wQBHBFVn+GndStbB7hbbtrmRXGXu7ZxgxHKwav6sKyM4qq5gkQY0t9:qK
-
Detect Xworm Payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-