General
-
Target
f6bc727b25a9d6d15f62d459f2d875d0.bin
-
Size
30KB
-
Sample
240701-erp5aawbqg
-
MD5
ca8145a840ced9890d309a57ce312fa1
-
SHA1
2defa0142048dc4adebe1a5eb5cc1a38ffe8d522
-
SHA256
f57974b92cbd62b205f91032622fed6962964b883750fb8c7454583e38bb9d85
-
SHA512
6154aeeca7754531025aa6f14f9a35faffad41d801379594afe585b47c55b41b870bec153ef1fe758b3bd8a7137ff6b072ab94f760bd83218c2e902104795b2d
-
SSDEEP
768:+MtjUUHOqP5O+92Hc7azdWKpuVp0iGQSamKMAN6R9OL9xyujVwWY:+MtjUUutW2Hc7e5iVmA6/EOeY
Behavioral task
behavioral1
Sample
04f28f4975a7ff3cb3439b65b8d2fad8e99e3431b65be0e065c194908459790e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
04f28f4975a7ff3cb3439b65b8d2fad8e99e3431b65be0e065c194908459790e.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xworm
5.0
modern-educators.gl.at.ply.gg:23695
lu0xD4CO1T8ycPIn
-
Install_directory
%Userprofile%
-
install_file
USB.exe
Targets
-
-
Target
04f28f4975a7ff3cb3439b65b8d2fad8e99e3431b65be0e065c194908459790e.exe
-
Size
297KB
-
MD5
f6bc727b25a9d6d15f62d459f2d875d0
-
SHA1
a7502f6990fc98c4f634ec3e995cc7f443487b13
-
SHA256
04f28f4975a7ff3cb3439b65b8d2fad8e99e3431b65be0e065c194908459790e
-
SHA512
b0847c9b037ad9f2cffee62cd6f3193580e4e0950d0a3a1fbf6611df42474a511d30065f41cbdbaaf4360a6c61719b7d3f10692efac762d1a80f6311d42eb12a
-
SSDEEP
1536:vB5uVw89wt2v7Fz9fyOjAEx93MDbT0f5aX2:v++tov7Fz9fyOjOQxK2
Score10/10-
Detect Xworm Payload
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-