General
Target: 76611689034914a32d83d3fafbd528f7498fcd80a78c19fb2d8e93f39ce14dc6.cmd
Size: 6KB
Sample: 240524-pzrm7adb3v
MD5: 798c0f3c0c128497007a0616ef8d6b93
SHA1: cedbb573042a3275475973d0a6d45510a1941cd1
SHA256: 76611689034914a32d83d3fafbd528f7498fcd80a78c19fb2d8e93f39ce14dc6
SHA512: f64eafe2d84b867ced4c430743cdfb3a4be3eac0a2d4a53114e9a815ebe5e4a5e94e4d7eed6d8ae647d25191994d88a7ae826717c50fc9e14c7a4de866868999
SSDEEP: 192:wTcnW0e8ORczJDWx3CDKZJ4VKwUg9j16NuK:meC89VDWxUKZJm5p1/K
Static task: static1
Behavioral task: behavioral1
Sample: 76611689034914a32d83d3fafbd528f7498fcd80a78c19fb2d8e93f39ce14dc6.cmd
Resource: win7-20240508-en
Malware Config
Extracted
xworm
3.1
nmds.duckdns.org:8895
O3B5rRVaa3oX74CD
-
install_file
USB.exe
Targets
Detect Xworm Payload
Blocklisted process makes network request
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext