General
Target: zap.cmd
Size: 6KB
Sample: 240523-t7j1jahd5v
MD5: e60c8b85dbb0822e8d7783bfbcf1373e
SHA1: b82628d1e5f5990cce0fc1759db1d66d272970de
SHA256: 74dded6a9d78cb7d3b4f1a0141abe5c25c552583a6a1a1a2c37d3e263f611ab6
SHA512: f4cd5242390b101450cd77d50c661332e042a5a49512d0421aa1aa245ed44820c4759f8db18b9643f4f29ae7ad853451b8b8bac9c76abaca85abbd4e64bd0229
SSDEEP: 96:3CAmMQCWs85AG8Cdzn7mhmFDSKG1obatde4MlXMQpQAqvbfq0ifcZvc+dmu29g:3CANQC5iARCdQwg122NMzQq0iUNNdmuh
Static task: static1
Behavioral task: behavioral1
Sample: zap.cmd
Resource: win7-20240221-en
Malware Config
Extracted
xworm
3.1
xgmn934.duckdns.org:8896
2utLZrxcByvppTdF
install_file: USB.exe
Targets
Target: zap.cmd
Detect Xworm Payload
Blocklisted process makes network request
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext