General
-
Target
dcf2d18e022b2069a9e9a9d4190af36473fd358e3f9a413d723dd094e1fe9c4e
-
Size
140KB
-
Sample
240329-d7wrbshd38
-
MD5
b5642f631eacf6181b07ee24979e4e59
-
SHA1
9769ca4adf8ddf7101ed629eac53c13bc031678b
-
SHA256
dcf2d18e022b2069a9e9a9d4190af36473fd358e3f9a413d723dd094e1fe9c4e
-
SHA512
8107cf2e6056d614dec1bd44c37e32e12ac1f2b9c20c403f711c212b13461b83a2400e868fa218678506bcf970119d9e02727ed4c4c25b93003d5cedc2876078
-
SSDEEP
3072:YhBRY3+fJ5v5+bppA7aUEOCyXpeOwNMSqoKXNvuZAFDqXzFzQ+:CYOfJ5YbpAg6WNMS2du21qXx
Behavioral task
behavioral1
Sample
dcf2d18e022b2069a9e9a9d4190af36473fd358e3f9a413d723dd094e1fe9c4e.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
dcf2d18e022b2069a9e9a9d4190af36473fd358e3f9a413d723dd094e1fe9c4e.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xworm
ipv4.3utilities.com:7000
-
Install_directory
%LocalAppData%
-
install_file
Display Control Panel.exe
Targets
-
-
Target
dcf2d18e022b2069a9e9a9d4190af36473fd358e3f9a413d723dd094e1fe9c4e
-
Size
140KB
-
MD5
b5642f631eacf6181b07ee24979e4e59
-
SHA1
9769ca4adf8ddf7101ed629eac53c13bc031678b
-
SHA256
dcf2d18e022b2069a9e9a9d4190af36473fd358e3f9a413d723dd094e1fe9c4e
-
SHA512
8107cf2e6056d614dec1bd44c37e32e12ac1f2b9c20c403f711c212b13461b83a2400e868fa218678506bcf970119d9e02727ed4c4c25b93003d5cedc2876078
-
SSDEEP
3072:YhBRY3+fJ5v5+bppA7aUEOCyXpeOwNMSqoKXNvuZAFDqXzFzQ+:CYOfJ5YbpAg6WNMS2du21qXx
-
Detect Xworm Payload
-
StormKitty payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing credit card regular expressions
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-