General
-
Target
4068-b5a63e850a.exe
-
Size
1.2MB
-
Sample
240419-11ln4shf2y
-
MD5
342a7e60e3f8f8791b3dd9644b93dee0
-
SHA1
121d05ca9da60a4515f46631de63c4f75dc7b3ef
-
SHA256
c117ef22e808617d41b198ea747f076544fe76f462daed5661fb82f5e961a53a
-
SHA512
1f41e89bc33885295b78926df1dc439cddd071568834cfa0326545eff8a77ff5fffbe44def1ae4aed85beb64a4ac367c91bacae524727f770e57eb0a81b17881
-
SSDEEP
12288:pv0nlOSP8S/Ek52ZxaXGu16UX6wcRtTShzG9IlaNr/PC4e4vKvwCz2aaOWHdWs/+:p0kg/b5pXGWDXuOl3vbBpj/5Mm52e+
Static task
static1
Behavioral task
behavioral1
Sample
4068-b5a63e850a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4068-b5a63e850a.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xworm
Secretly512-24905.portmap.host:24905
-
Install_directory
%LocalAppData%
-
install_file
USB.exe
Targets
-
-
Target
4068-b5a63e850a.exe
-
Size
1.2MB
-
MD5
342a7e60e3f8f8791b3dd9644b93dee0
-
SHA1
121d05ca9da60a4515f46631de63c4f75dc7b3ef
-
SHA256
c117ef22e808617d41b198ea747f076544fe76f462daed5661fb82f5e961a53a
-
SHA512
1f41e89bc33885295b78926df1dc439cddd071568834cfa0326545eff8a77ff5fffbe44def1ae4aed85beb64a4ac367c91bacae524727f770e57eb0a81b17881
-
SSDEEP
12288:pv0nlOSP8S/Ek52ZxaXGu16UX6wcRtTShzG9IlaNr/PC4e4vKvwCz2aaOWHdWs/+:p0kg/b5pXGWDXuOl3vbBpj/5Mm52e+
Score10/10-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-