General
-
Target
a.mp3
-
Size
146KB
-
Sample
230326-pqm9eaad9s
-
MD5
dbaafddd62e8880e074d25d56f1b8eeb
-
SHA1
74133271577329144562f9cdc50c8b1698b401b7
-
SHA256
84bf179cf928c716bf6f7b0aad97772a56159abdc39e8ba8c4993cf5c45e457e
-
SHA512
a63155cd4f85d30a304c2a908d0725246d276fd87ca46654409c2546513231de1ded7a04c26edcfca6481a5cda1ab37a6956a17beeb16e949dcd839a486b6a66
-
SSDEEP
1536:j89r/aDcWJwG0mtvR/Eg5dfT1Ph+9PEa6UJCw4GEMofk0i:Ktci
Static task
static1
Behavioral task
behavioral1
Sample
a.vbs
Resource
win7-20230220-en
Malware Config
Extracted
xworm
212.87.204.124:5555
BtADXFpcTwggF8mG
-
install_file
USB.exe
Targets
Target
a.mp3
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-