General
-
Target
cf6cab6b405f7e849e6585f6f4c1ae3fd155b75d8ceb197bd0cf46a9b4c5f91b.hta
-
Size
834B
-
Sample
240403-cdt5zach47
-
MD5
e81963d4c5a431f529c7669d3595a943
-
SHA1
82ac49f24caad73263ae461a2c1c7546b1ba9ded
-
SHA256
cf6cab6b405f7e849e6585f6f4c1ae3fd155b75d8ceb197bd0cf46a9b4c5f91b
-
SHA512
2ba83def4a81ede89bd54a5c0d4b4592985c13a10507b9a2dfb45c46e6e234d54dc14f98562eb2d3d3766e28290e83175c098a6203dd52effacc0176da7bb209
Static task
static1
Behavioral task
behavioral1
Sample
cf6cab6b405f7e849e6585f6f4c1ae3fd155b75d8ceb197bd0cf46a9b4c5f91b.hta
Resource
win7-20240221-en
Malware Config
Extracted
xworm
210.246.215.82:7000
-
Install_directory
%ProgramData%
-
install_file
WindowsNT.exe
Targets
-
-
Target
cf6cab6b405f7e849e6585f6f4c1ae3fd155b75d8ceb197bd0cf46a9b4c5f91b.hta
-
Detect Xworm Payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-