General
Target: Runtime_Broker.bat
Size: 272KB
Sample: 240419-xq1thadf2z
MD5: 72a727ab70c538ce90817288c1b37452
SHA1: a095af10523110e887c1b199abf157857bce32ac
SHA256: 823a46b99ae7f1302e71de1b375e40c721481d7f69779a25cb0b15b53564f3cd
SHA512: 61228347d58088dc7f12a4e5246075a9baf504421ef308aac0ba11b48ab3e55dba6f5475854ca2ff83504802e9b0d19aecf68cd8e144a3cc1b593a54c2d22217
SSDEEP: 6144:gK4e1skyYUV3FEivyHLB2KSM4dWeD0SGb9i3oqWs:gM5yYUVSivMLB2KSM4wedIabf
Static task: static1
Behavioral task: behavioral1 (Sample: Runtime_Broker.bat; Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: Runtime_Broker.bat; Resource: win10v2004-20240226-en)
Malware Config
Targets
Target: Runtime_Broker.bat (272KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- Detect Xworm Payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.