General
Target: Empyrean-Executor.bat
Size: 291KB
Sample: 240420-bq4phacf85
MD5: b3b18baa9f3a27779f41b4f2465b6f7b
SHA1: 612dff548e746bba28bd1f6f6c79d4eac5ffa683
SHA256: dccb78d52b8751e88346a8d71073e0628ac6dcc9bd92bb43ff97add544c3c52f
SHA512: 01ad198e89e7ad462f5de3477e47bcc954df54d5b2a16782920c962b6aa9407601ab2d05950a2178c3cdcfb50807775a7cd50ab97b50ef396355b5181de72c64
SSDEEP: 6144:g2KLQmfX27kumsXOl9iVtkgo3k5U4gAaJTUT:gbLJz5sXw96kgoUW4gAiTi
Static task: static1
Behavioral task: behavioral1
  Sample: Empyrean-Executor.bat
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Empyrean-Executor.bat
  Resource: win10v2004-20240412-en
Malware Config
Extracted: xworm
Secretly512-24905.portmap.host:24905
Install_directory: %LocalAppData%
install_file: USB.exe
Targets
Target: Empyrean-Executor.bat
Size: 291KB
MD5: b3b18baa9f3a27779f41b4f2465b6f7b
SHA1: 612dff548e746bba28bd1f6f6c79d4eac5ffa683
SHA256: dccb78d52b8751e88346a8d71073e0628ac6dcc9bd92bb43ff97add544c3c52f
SHA512: 01ad198e89e7ad462f5de3477e47bcc954df54d5b2a16782920c962b6aa9407601ab2d05950a2178c3cdcfb50807775a7cd50ab97b50ef396355b5181de72c64
SSDEEP: 6144:g2KLQmfX27kumsXOl9iVtkgo3k5U4gAaJTUT:gbLJz5sXw96kgoUW4gAiTi
Score: 10/10
- Detect Xworm Payload
- Blocklisted process makes network request
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application