General
Target: YoutuberSim.exe
Size: 41KB
Sample: 240503-w5zz3sda5t
MD5: 80c246b87898e0d5fe222de1e847649d
SHA1: 6e66e5c904bbb12da1ca0256665cb49c50585708
SHA256: 5c2fd2a77afa5180db4c4da112c59aea66122cda903bbeefc6757f54b6b5528b
SHA512: d4b1c63f65bad9514b94bc4d3cc43ca49adc98a1b9dab40d10a0a158197ffa157aede9792c42c3375a7ad7ad97acc94d14f55658aa2a68ea46f3370ebf4e833b
SSDEEP: 768:AnYoD/rMRbLOAGIeA0ol5tdxTUbGsF5PG9WP0WOwhO35uO:aTIjGIxtlbwlFI9WP0WOwMoO

Behavioral task: behavioral1
Sample: YoutuberSim.exe
Resource: win11-20240426-en
Malware Config
Extracted
Family: xworm
Version: 5.0
BnQoxDZzN0M2ZhyJ
Install_directory: %AppData%
install_file: HumanFallFlat.exe
pastebin_url: https://pastebin.com/raw/cLi4Nvx0
Targets
Target: YoutuberSim.exe (size and hashes as listed under General)
- Detect Xworm Payload
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- StormKitty payload
- ModiLoader First Stage
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)