General
-
Target
bde622fc1ddebc014f70ce6da713d999d723ec473bf5497a669fd8fbea287e94.cmd
-
Size
6KB
-
Sample
240524-p1jnzadb9v
-
MD5
3a4042eca22b5630f0d94807b7ebf1ab
-
SHA1
274dec7f1a11302050f24f06f19bc357eee9959e
-
SHA256
bde622fc1ddebc014f70ce6da713d999d723ec473bf5497a669fd8fbea287e94
-
SHA512
b7d0653e191f2c56acf22915cfd199ac79d94129d56926d8f99aaa5f834d08196a56998d586ab034b9bd44bc8e759e133da08d0ee853f3c54fee9336913df59c
-
SSDEEP
96:akLd2YhwXGsvb/IncRIVZjAcmwkpi9Jyg8XiD7528pekM6w2He3JzFBmWsc9nODy:aBYe/b/IcmZjKw5rT5FAx8evcWsc94y
Static task
static1
Behavioral task
behavioral1
Sample
bde622fc1ddebc014f70ce6da713d999d723ec473bf5497a669fd8fbea287e94.cmd
Resource
win7-20240221-en
Malware Config
Extracted
xworm
5.0
x5387400.duckdns.org:8896
F4ssR8b386Bj6q2g
-
install_file
USB.exe
Targets
Target
bde622fc1ddebc014f70ce6da713d999d723ec473bf5497a669fd8fbea287e94.cmd
-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-