General
Target: Orbit_Crack.bat
Size: 259KB
Sample: 240427-mnkpdshd5s
MD5: 1ccd59dd2bbf3dc838039654fed99860
SHA1: 1d27c800b05db1f244afeaab7cd6f79549af0ff8
SHA256: d3dea32d8b022205401a7d5023c1fb63577021b8c38d1b8af43e166fbaa15b24
SHA512: 58f44f000191551055f4d4fe001e4471ee2b8292cdecd14a6548d5917d78f886a92f4764ab9aea6273755c3da95d2bd0108350d3e11273f729759f140943fb4c
SSDEEP: 6144:AE29oanve5LJRxPZ9Q9lgj3B8BlKcurMBZoE589vlwaSIS:AVI5dP89yjGlKcCcasd
Static task: static1
Behavioral task: behavioral1
Sample: Orbit_Crack.bat
Resource: win10v2004-20240426-en
Malware Config
Extracted: xworm
5.0
youth-oecd.gl.at.ply.gg:37887
irLH7SnIzjCRjwMK
Install_directory: %Userprofile%
install_file: USB.exe
Targets
Score: 10/10
Detect Xworm Payload
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.