General
Target: 301cae9576ee15a2f86fb974a8683d57.bin
Size: 18KB
Sample: 240420-bgt4psdb8v
MD5: f9091fc6dce7565b1ba1b525d676a17d
SHA1: a5e3ceea13470721aa98615ef905efe16471f7d7
SHA256: 07e43d8e55f4e34cbb4a8afc1a4524b296aacca6a0765462c481b831ee6ab42e
SHA512: 8ad3cd93b2f1bd41fc9c68d2fc67fc3fd0c547195806730e3b04220d7048235ed50ad5d0d40b425b8b2963bd10855381f59914e22f38bed234f284f511a23556
SSDEEP: 384:/pFrG/nOVtYqIYvzQOSl5K0Ej/MyRwpGR3p/GafYcYrU:/LrmzqI3OgQEpGRNGncYY
Static task: static1
Behavioral task: behavioral1
  Sample: 04e2b3bc57598265f2410a36ae3bea12b4b649bf9723db064ce2c297f2cff693.vbs
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 04e2b3bc57598265f2410a36ae3bea12b4b649bf9723db064ce2c297f2cff693.vbs
  Resource: win10v2004-20240412-en
Malware Config
Extracted
  xworm
  3.1
  aprilxrwo8450.duckdns.org:8450
  qF5e3kU5MtcMqia2
  install_file: USB.exe
Targets
Target: 04e2b3bc57598265f2410a36ae3bea12b4b649bf9723db064ce2c297f2cff693.vbs
Size: 111KB
MD5: 301cae9576ee15a2f86fb974a8683d57
SHA1: a397ff4172a2fa6ccd1b11b2d4a07c74a5543310
SHA256: 04e2b3bc57598265f2410a36ae3bea12b4b649bf9723db064ce2c297f2cff693
SHA512: f2216a07fc86ac3f3c9040315fb42e8773f999662d6b14c557a647a282742027be9a5d79eb0e102297582e7ad2f6db48ca165bfee920311029683442bac79591
SSDEEP: 1536:cG2ctiU1lBHFcJUJI+YZb5bJ9Gmgz/+rtfRDFqGb5uJZUU0tKl9CP8Z:cG2BU1DHFUGmgURDFBe0tKl9CP4
Score: 10/10
- Detect Xworm Payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext