General
-
Target
zap.cmd
-
Size
6KB
-
Sample
240523-t4w6pahd84
-
MD5
0b65dcbdc755a516181f47d69f5aee10
-
SHA1
fc9319ec254c2be1b7ba5174d36d142c1ce20440
-
SHA256
00c866d489bd11732441171441b8db0a135c76bdb7bf5c3adb4da66e97dbed43
-
SHA512
e37aba32337a5bf8793721d8d9b9582c906b9820ace2a831d1f6e9548e6631942df0bdf6b56f07c1420fa7ade2d3a1e34bb27cab4ddc7d57a42672919f1ead1c
-
SSDEEP
96:vEWuwXqdcs0faFF/oW8NYEpyGakOwJyZLLi8lTxd7Qhn004g6bnecFhZ3WjS:vurF8NY8yGywAL2Ox5QV004gIFhn
Static task
static1
Behavioral task
behavioral1
Sample
zap.cmd
Resource
win7-20240508-en
Malware Config
Extracted
xworm
3.1
xgmn934.duckdns.org:8896
2utLZrxcByvppTdF
-
install_file
USB.exe
Targets
-
-
Target
zap.cmd
-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-