General
Target: zap.cmd
Size: 6KB
Sample: 240523-tv4t6sha98
MD5: 5521519d477ec8b95c87ad7ffc115145
SHA1: 551da12ea131d7bf60646a35cfcd8a3a16905f94
SHA256: 3a399d16db8e57cf727a03f4d9ad33624c08571c0f0b2e4120095e4622c22e19
SHA512: 46afb8d1b705d1d380b739898a74be66593b04adb9d27f3cacfdfe16c896ee08579e5c1aea410fbdb4c5116987f99e0ed9396b35f6761dbab48eeef1d425f96f
SSDEEP: 96:JQyAIf/tbpCJ5gEpH6SpLiF2gzfTUOTgdGw9kVFVZM2jX3lQFgUXJYIpwsz:9ntb0S2uIOeD9kVFVZM2r8BX+M
Static task: static1
Behavioral task: behavioral1
Sample: zap.cmd
Resource: win7-20240508-en
Malware Config
Extracted
xworm
5.0
tbsagyw.duckdns.org:8896
MFUu6tulv9qAMMHj
-
install_file
USB.exe
Targets
Target: zap.cmd
Detect Xworm Payload
-
Blocklisted process makes network request
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-