General

Target: 3f0fcbdd7f5c4dc08e898f875350e448f1a34c0be9bc5c84761e0df460a68cde_NeikiAnalytics.exe
Size: 76KB
Sample: 240701-h5htxayglc
MD5: bfa88d3a412b0ec251154107940ca850
SHA1: ba36a31c88cf6692730a41bed935369d4cb0f8e7
SHA256: 3f0fcbdd7f5c4dc08e898f875350e448f1a34c0be9bc5c84761e0df460a68cde
SHA512: 5e5ebb8de9e0cf4b95cf74be3bf547f7cec32cf9179303e19d592f907fb8870094024f9f5a2411f6f4d28b246406da692d7b6393c84c2504852408a618892689
SSDEEP: 1536:rlTqvQbR1gDaiGyjM+bmnZ9U6wbOZqggPMl9:rVLgDagjM+bmnWOAg9z
Behavioral task: behavioral1
Sample: 3f0fcbdd7f5c4dc08e898f875350e448f1a34c0be9bc5c84761e0df460a68cde_NeikiAnalytics.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 3f0fcbdd7f5c4dc08e898f875350e448f1a34c0be9bc5c84761e0df460a68cde_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: xworm
91.92.255.37:1111
Install_directory: %AppData%
install_file: XClient.exe
Targets

Target: 3f0fcbdd7f5c4dc08e898f875350e448f1a34c0be9bc5c84761e0df460a68cde_NeikiAnalytics.exe
Size: 76KB
Score: 10/10

- Detect Xworm Payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)

Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- Scheduled Task/Job (1): Scheduled Task (1)

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)