General
Target: 9e3665d6a874aac158d2186fada88ab8e3811c4005750d213f7cad5002236a98
Size: 47KB
Sample: 240419-vn81zsba4w
MD5: 61353027e82607cb76c478fe12e64fa8
SHA1: 4c7252f40a0a8868c574a9937ef5bd7f7fb172ad
SHA256: 9e3665d6a874aac158d2186fada88ab8e3811c4005750d213f7cad5002236a98
SHA512: 8008ce7a585968feb3a64f51e978047fac692eb23bef15a6beb95d02e5e2deaa391a7f829f056086ca6a5b926018922cc984bdd1f417855c264f5f862a25670a
SSDEEP: 768:t2QS3CREpCyQo8PejfW25UrFXdxx5ki8mEDSPPVyaisiDfbvQqE1YTz:ZoxtuyUp3cmEePPVy3jDbIqE2Tz
Behavioral task: behavioral1
Sample: 0a04a206bf7a4c0ce202d61c08838494893bbd785895ca7d15e51f881127bf7a.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0a04a206bf7a4c0ce202d61c08838494893bbd785895ca7d15e51f881127bf7a.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
xworm
3.1
15.228.35.69:5000
Install_directory: %ProgramData%
install_file: USB.exe
Targets
Target: 0a04a206bf7a4c0ce202d61c08838494893bbd785895ca7d15e51f881127bf7a.exe
Size: 77KB
MD5: 8e19a376693b14081ad064bbf0b34792
SHA1: c1006002d164fcde728967d3489b393282a0e526
SHA256: 0a04a206bf7a4c0ce202d61c08838494893bbd785895ca7d15e51f881127bf7a
SHA512: 1d61c69b2e47b8d55b7da1a5eeb74decc3aac8eafce6f396d9ba7621cdf196a638f854834adb8d47acb5e51c30c9f4c75c9132332cf3cacf3dfa0d288d973759
SSDEEP: 1536:Wjkzg4v+SOTAP5aMeEj7QEvitoklZq7lbZb3ECWpbrUuIb2d+hOvHUgomEreP:dEEjL75aOSZqbZb3Et8u/+hOMgBPP
Score: 10/10
Detect Xworm Payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Adds Run key to start application