General
Target: ee1f7f277b11131515ae90942fa1b3464d576f7a9d3608554610e18c86218c68.zip
Size: 405KB
Sample: 240428-cng86aea32
MD5: 67618e19823483f6699f73e018d15372
SHA1: 757bc399f62c92c33d7962a277de376554480fa6
SHA256: ee1f7f277b11131515ae90942fa1b3464d576f7a9d3608554610e18c86218c68
SHA512: 20d6d88428d3939768a63446aeb573384ba816946716e6c729bc58e9eaeb5b36b57266b726d93f3985ddd269d8a4ce9529e042fe5bff8010a3458807ef0fd23c
SSDEEP: 1536:3hjn9ZCI0zg0E1HOiIsUU5eX9M9PXpne6+wUyAe5q:37ZVQDiIsUU529cZnIwUneq
Static task: static1
Behavioral task: behavioral1
Sample: fresh.exe
Resource: win7-20240221-en
Malware Config
Extracted
xworm
5.0
vbdsg.duckdns.org:8896
GgQUWuMVOC7DAikW
install_file: USB.exe
Targets
Target: fresh.exe
Size: 345.0MB
MD5: 33f67337db523a8a1610dc39702e6a9e
SHA1: 67783aaeb5499cd450094c5f1d20c15a4017e903
SHA256: 9f0c26a9ee59081531ac9c4d5cca894cf9933e4fdbb6cc9cb9db4a614c79bb91
SHA512: da148c37f5631dc94ef545cdccf95f7c8aa59cd5d49666982333082c05ebf9a1cc27c4f64dd117408fe1b49a65a588fdc034ffa8cba187f461cc372c5c8e0602
SSDEEP: 1536:fJZhM+Qw6/iPxFPP3t/zzdnr8EI5jayp3z3hXdmd30RrSkbiKyhz5u36UU5eX9Mk:++SrvbvyZg6UU529cI1VoheH
- Detect Xworm Payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables packed with SmartAssembly
- Suspicious use of SetThreadContext