General

Target: Playit Free.bat
Size: 292KB
Sample: 240704-ql932sxdpp
MD5: 2bac01a226b5c7b08de93311ab9905d5
SHA1: 48144153d2ca3d9cc7e27506b3d1923c9d80cc7a
SHA256: bf73489935f2d196e04d1eb012f3c8ab16263fb3d005aac58d63322313db1186
SHA512: 96f50b01f8c69befabbb307c5e4b58e304ec5d8339c9cca4bf927add6ec9f912ca4c87f5e13ec3c34737e47a7ab35d15de32c4b8b84c11e05dccfc9b5ce3f7f6
SSDEEP: 6144:JLbgUUyQ6VV3W7bmjOk8Cl/iZYwD6rjwY+H+4hjhphHCxsu:JLbgPyQ6z3DOERkDUIHLlJu
Static task: static1

Malware Config

Extracted: xworm
C2:
  super-nearest.gl.at.ply.gg:17835
  best-bird.gl.at.ply.gg:27196
  wiz.bounceme.net:6000
install_file: USB.exe

Extracted: asyncrat (Default)
C2:
  finally-grande.gl.at.ply.gg:25844
delay: 1
install: false
install_folder: %AppData%

The three *.gl.at.ply.gg hosts are playit.gg tunnel endpoints, which fits the "Playit Free" lure name: the operator exposes a RAT listener on a home machine through the tunnelling service rather than a rented server. wiz.bounceme.net is a No-IP dynamic DNS name. Blocking by hostname and port is more useful than blocking the resolved IPs, since tunnel and dynamic DNS addresses change.
Targets

Target: Playit Free.bat (292KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures

Detect Xworm Payload
Async RAT payload
Blocklisted process makes network request
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check before the payload runs.
Executes dropped EXE
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so that lookup alone is not an indicator without the other behaviours.
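As an added example that is not part of the sandbox report: a small Python IOC sweep that takes the C2 endpoints, dropper SHA256 and the XWorm install_file name from the extracted configs above and matches them against DNS, firewall and file-inventory records. The log formats, log lines, IP addresses (RFC 5737 documentation range) and the `.gl.at.ply.gg` suffix heuristic are constructed assumptions for illustration, not telemetry from the sample run.

```python
"""IOC sweep for the XWorm / AsyncRAT sample in this report.

Added example, not sandbox output. Hosts, ports, the dropper hash and the
USB.exe install name are copied from the extracted configs; the log formats,
log lines, IPs and the tunnel-suffix heuristic are constructed assumptions.
"""
import re

# --- indicators lifted from the report --------------------------------------
XWORM_C2 = {
    ("super-nearest.gl.at.ply.gg", 17835),
    ("best-bird.gl.at.ply.gg", 27196),
    ("wiz.bounceme.net", 6000),
}
ASYNCRAT_C2 = {("finally-grande.gl.at.ply.gg", 25844)}
C2_ENDPOINTS = XWORM_C2 | ASYNCRAT_C2
C2_HOSTS = {host for host, _ in C2_ENDPOINTS}
DROPPER_SHA256 = "bf73489935f2d196e04d1eb012f3c8ab16263fb3d005aac58d63322313db1186"
INSTALL_FILE = "usb.exe"  # xworm install_file, compared case-insensitively

# Heuristic (assumption, not from the report): playit.gg tunnel endpoints all
# sit under this suffix, so a lookup there from a host that has no reason to
# run playit is worth triage even when the exact label is new.
TUNNEL_SUFFIX = ".gl.at.ply.gg"

# --- constructed sample records (not real telemetry) ------------------------
DNS_LOG = """\
2024-07-04T10:01:02Z ws-17 query A super-nearest.gl.at.ply.gg
2024-07-04T10:01:03Z ws-17 query A update.microsoft.com
2024-07-04T10:02:10Z ws-22 query A some-other-label.gl.at.ply.gg
2024-07-04T10:03:44Z ws-09 query A wiz.bounceme.net
""".splitlines()

FIREWALL_LOG = """\
2024-07-04T10:01:05Z allow tcp 10.0.5.17:51234 -> 203.0.113.5:17835 fqdn=super-nearest.gl.at.ply.gg
2024-07-04T10:01:06Z allow tcp 10.0.5.17:51235 -> 203.0.113.9:443 fqdn=update.microsoft.com
2024-07-04T10:03:45Z allow tcp 10.0.5.9:51300 -> 203.0.113.5:6000 fqdn=wiz.bounceme.net
2024-07-04T10:03:50Z allow tcp 10.0.5.9:51301 -> 203.0.113.5:6001 fqdn=wiz.bounceme.net
""".splitlines()

FILE_INVENTORY = [
    ("C:\\Users\\alice\\Downloads\\Playit Free.bat", DROPPER_SHA256),
    ("C:\\Users\\alice\\AppData\\Roaming\\USB.exe", "00" * 32),  # hash unknown
    ("C:\\Program Files\\Vendor\\tool.exe", "11" * 32),
]

_FW_RE = re.compile(r"-> (?P<ip>[\d.]+):(?P<port>\d+) fqdn=(?P<fqdn>\S+)")


def dns_hits(lines):
    """Return (qname, classification, line) for lookups of a known C2 host or
    any name under the tunnel suffix (assumed record layout: ts host query type qname)."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5 or parts[2] != "query":
            continue
        qname = parts[4].rstrip(".").lower()
        if qname in C2_HOSTS:
            hits.append((qname, "known-c2", line))
        elif qname.endswith(TUNNEL_SUFFIX):
            hits.append((qname, "tunnel-suffix", line))
    return hits


def connection_hits(lines):
    """Match destination fqdn:port pairs exactly; the port matters because a
    tunnel host can front several listeners (see the 6001 line, which is not flagged)."""
    hits = []
    for line in lines:
        m = _FW_RE.search(line)
        if m and (m["fqdn"].lower(), int(m["port"])) in C2_ENDPOINTS:
            hits.append(((m["fqdn"].lower(), int(m["port"])), line))
    return hits


def file_hits(files):
    """files: iterable of (path, sha256_hex). Flags the dropper by hash and any
    file carrying XWorm's configured install name regardless of hash."""
    hits = []
    for path, digest in files:
        name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if digest.lower() == DROPPER_SHA256:
            hits.append(("dropper-hash", path))
        elif name == INSTALL_FILE:
            hits.append(("install-name", path))
    return hits


if __name__ == "__main__":
    for hit in dns_hits(DNS_LOG) + connection_hits(FIREWALL_LOG) + file_hits(FILE_INVENTORY):
        print(hit)
```

The install-name check is deliberately hash-agnostic: the report gives USB.exe as the configured drop name, but the bytes written there are the unpacked RAT, whose hash is not in this report, so the name is the only stable handle the page supports.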