General
Target: TS-240402-UF1.exe
Size: 266KB
Sample: 240402-wxnl3she48
MD5: b6025357a4307501d65a2a989d8857cd
SHA1: 0cf8b11e59b95e53e98a70753100cc7e0650eb16
SHA256: e9221099bc03b023dc78d936917224fbd287e48a3d9af940fdfb983fa20699b4
SHA512: 9a40f5fb878fee67d21ecde2c39df99b752cd4704e14344d82671996dfce5571fd48fc61832c838453013532775aad8071a9d353dea39cfad65b34a80e95e97d
SSDEEP: 3072:Z6zXpB76ecJuG7qnBnZ1a+Cs9a7tDYwXLW1ADwJbIifwHqDSIbciWszURuFS9yA/:Yr6ebGUFha7tIADybIifwxmU6qnD9p
Static task: static1
Behavioral task: behavioral1
Sample: TS-240402-UF1.exe
Resource: win7-20240215-en
Malware Config
Extracted:
- xworm
- 5.0
- 103.10.69.73:7000
- oLq3CUBoyGamKNDd
- install_file: USB.exe
Targets
Target: TS-240402-UF1.exe
Size: 266KB
MD5: b6025357a4307501d65a2a989d8857cd
SHA1: 0cf8b11e59b95e53e98a70753100cc7e0650eb16
SHA256: e9221099bc03b023dc78d936917224fbd287e48a3d9af940fdfb983fa20699b4
SHA512: 9a40f5fb878fee67d21ecde2c39df99b752cd4704e14344d82671996dfce5571fd48fc61832c838453013532775aad8071a9d353dea39cfad65b34a80e95e97d
SSDEEP: 3072:Z6zXpB76ecJuG7qnBnZ1a+Cs9a7tDYwXLW1ADwJbIifwHqDSIbciWszURuFS9yA/:Yr6ebGUFha7tIADybIifwxmU6qnD9p
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- StormKitty payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext