General
-
Target
2024-05-21_13510ee957b93e9bc0d5f5f1ea2e981f_snatch
-
Size
11.8MB
-
Sample
240521-qpwd3afe8y
-
MD5
13510ee957b93e9bc0d5f5f1ea2e981f
-
SHA1
befa9cebba6fb51d96543a079cfbb9fc08cd4dde
-
SHA256
13cee60c3b7075748252bda9170f1ef4bf89aa7a051669f4a359f65cfa59f7fc
-
SHA512
835e72432560d08d71abfe544ac712fc9c32d5d36185dff9b6282833f681237dc707889f7f93df58467a4402ee7a50522a2f46a3361e70be2ea521883c1b80f2
-
SSDEEP
196608:d/1NeAhlsGbOd4TPgUwrOZA0TQWKzpKhS/:dje8XbVTPgUwqZNxhS/
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-21_13510ee957b93e9bc0d5f5f1ea2e981f_snatch.exe
Resource
win7-20240215-en
Malware Config
Extracted
xworm
5.0
20.206.207.64:7000
3fx4DGwKa2tqA8ov
-
install_file
USB.exe
Targets
-
-
Target
2024-05-21_13510ee957b93e9bc0d5f5f1ea2e981f_snatch
-
Detect Xworm Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Detects Windows executables referencing non-Windows User-Agents
-
Uses the VBS compiler for execution
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-