General
Target: Image Logger Hybrid V4.exe
Size: 126KB
Sample: 240630-xqax3swdnr
MD5: 6d103c685ef0960fab6eca5bf4617583
SHA1: ea11a8ba30f54015d71ed646fbd14b8800fc2e3f
SHA256: 77d041474b58f2142077c3da4fc2d64c29a40eb400410c784e2606647028fa3f
SHA512: 2429d67cf73056d496ff4cff2b8a72e2bc643201616b969464543580bd027366e13c51fda4161e319af122fa22c088c1ec737e87e8528e09b4e450d84755732d
SSDEEP: 3072:RMSncRzAOLeCyRuZA3A+bZ5FFOOszPAv:ySncRl3Zebv
Behavioral task: behavioral1
Sample: Image Logger Hybrid V4.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted: xworm
Install_directory: %AppData%
install_file: dllhost.exe
Targets
Target: Image Logger Hybrid V4.exe
Score: 10/10
Detect Xworm Payload
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that the dropped payload is not scanned.
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence that decides whether the sample runs on this victim.
Executes dropped EXE
Adds Run key to start application
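The signatures above describe what the sample does on the sandbox host: it copies itself to %AppData%\dllhost.exe, adds Windows Defender exclusions via PowerShell, reads the configured country code and persists through a Run key and a scheduled task. The following hunting script is an added example written for this page, not code from the report or from the Xworm sample. It assumes that %AppData% resolves to $env:APPDATA, that the country-code lookup targets HKCU\Control Panel\International\Geo (the usual location for the Windows GeoID; the report does not name the key), that the exclusions were set with Add-MpPreference or Set-MpPreference, and that PowerShell script-block logging (Event ID 4104) is enabled where that check is used.

```powershell
# Added triage example (not part of the sandbox report): hunt a live Windows host for the
# artefacts the report describes. The Geo registry key, cmdlet names and log checks are
# assumptions derived from the report's signatures, not values extracted from the sample.
$ErrorActionPreference = 'SilentlyContinue'

# Indicators taken directly from the report
$Sha256      = '77d041474b58f2142077c3da4fc2d64c29a40eb400410c784e2606647028fa3f'
$InstallFile = 'dllhost.exe'
$InstallPath = Join-Path $env:APPDATA $InstallFile   # assumes %AppData% == $env:APPDATA

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Dropped payload. The legitimate dllhost.exe lives in System32; a copy in the roaming
#    profile is suspicious on its own, a matching SHA256 confirms this exact sample.
if (Test-Path -Path $InstallPath) {
    $hash  = (Get-FileHash -Path $InstallPath -Algorithm SHA256).Hash
    $match = if ($hash -ieq $Sha256) { 'SHA256 matches report' } else { "SHA256 $hash differs from report" }
    $findings.Add("Dropped EXE: $InstallPath ($match)")
}

# 2. Persistence: Registry Run keys pointing at the dropped file
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }              # provider metadata, not a Run entry
        if ($p.Value -match '(?i)appdata.*dllhost\.exe') {
            $findings.Add("Run key: $key\$($p.Name) = $($p.Value)")
        }
    }
}

# 3. Persistence: Scheduled Task whose action launches the dropped file
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ("$($a.Execute) $($a.Arguments)" -match '(?i)appdata.*dllhost\.exe') {
            $findings.Add("Scheduled task: $($task.TaskPath)$($task.TaskName) -> $($a.Execute) $($a.Arguments)")
        }
    }
}

# 4. Defender exclusions (the report: extensions, paths and processes). Any extension
#    exclusion is worth a look; path/process exclusions are matched against the report.
$pref = Get-MpPreference
foreach ($e in @($pref.ExclusionPath))      { if ($e -match '(?i)appdata|dllhost')     { $findings.Add("Defender path exclusion: $e") } }
foreach ($e in @($pref.ExclusionProcess))   { if ($e -match '(?i)dllhost|powershell')  { $findings.Add("Defender process exclusion: $e") } }
foreach ($e in @($pref.ExclusionExtension)) { $findings.Add("Defender extension exclusion: $e") }

# 5. The PowerShell that set those exclusions, if script-block logging is enabled.
#    Assumes Add-MpPreference / Set-MpPreference were used; the report only says "PowerShell".
Get-WinEvent -LogName 'Microsoft-Windows-PowerShell/Operational' -FilterXPath '*[System[EventID=4104]]' |
    Where-Object { $_.Message -match '(?i)(Add|Set)-MpPreference\s.*-Exclusion' } |
    ForEach-Object {
        $snippet = ($_.Message -replace '\s+', ' ')
        if ($snippet.Length -gt 160) { $snippet = $snippet.Substring(0, 160) + '...' }
        $findings.Add("PowerShell 4104 at $($_.TimeCreated): $snippet")
    }

# 6. Value the geofence most likely read (assumed key). Benign by itself; shown so the
#    analyst knows which region this host presents to the sample.
$nation = (Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -Name Nation).Nation
Write-Output "GeoID (HKCU\Control Panel\International\Geo\Nation) on this host: $nation"

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output '[+] None of the report indicators were found on this host.'
}
```

Run it from an elevated PowerShell session: Get-MpPreference and the HKLM Run key are readable without elevation, but Get-WinEvent on the PowerShell operational log and a full Get-ScheduledTask listing are not. A hit on the Run key or scheduled task with a non-matching hash still matters, since the same Xworm configuration can be rebuilt with a different binary.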
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
Command and Scripting Interpreter (1): PowerShell (1) [T1059.001]
Scheduled Task/Job (1): Scheduled Task (1) [T1053.005]
Persistence
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1) [T1547.001]
Scheduled Task/Job (1): Scheduled Task (1) [T1053.005]