General

Target: d0f73c23361be86872a1a87ef43e998a0e1e4fabbd40f5cd86ae333e1a09bdb7.vbs
Size: 72KB
Sample: 240524-qaeg1aec8v
MD5: 828b53e8f1faed52722f7b7dd53c8c92
SHA1: f80c8f0bcb94ea38d10e239b203e4e990b649540
SHA256: d0f73c23361be86872a1a87ef43e998a0e1e4fabbd40f5cd86ae333e1a09bdb7
SHA512: 9273d55d7e193a3853b15dbc7d35cf545e00fb82428d22f554124cd74d694629fe775e626adcdc577d6961c8a86f9d2a57ea822f933533eff82a9a38c2420d87
SSDEEP: 1536:xvv1gPn2+VbGSZ0way5Nv6/+sfoYNkvYX4+1pFlEixGvQ:x2PRVbnZB5M2s1+r+1rFGvQ
Static task: static1
Behavioral task: behavioral1
Sample: d0f73c23361be86872a1a87ef43e998a0e1e4fabbd40f5cd86ae333e1a09bdb7.vbs
Resource: win7-20240508-en
Malware Config

Extracted:
Family: xworm
Version: 3.1
C2: rachesxwdavid.duckdns.org:8895
Config value (unlabeled in the report): HS0J0ha2f3izEQny
install_file: USB.exe
Targets

Target: d0f73c23361be86872a1a87ef43e998a0e1e4fabbd40f5cd86ae333e1a09bdb7.vbs (same file as in General above; size and hashes identical)
Signatures

- Detect Xworm Payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry (e.g. HKCU\Control Panel\International\Geo\Nation), a common geofencing check.
- Suspicious use of NtCreateThreadExHideFromDebugger: a thread is created with the hide-from-debugger flag, so an attached debugger receives no events for it (anti-debugging).
- Suspicious use of NtSetInformationThreadHideFromDebugger: an existing thread is hidden from the debugger via the ThreadHideFromDebugger information class (anti-debugging).
- Suspicious use of SetThreadContext: rewriting another thread's context is a typical step in process hollowing and other injection techniques.
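To turn the indicators above into a hunt, the following is an added example (not part of the sandbox report) that sweeps host telemetry for them: the C2 hostname and port, the install_file name and the sample's SHA256. The telemetry records, their field names, the file paths and the 203.0.113.x addresses are constructed for this illustration; the rule that flags a script host making a network connection assumes the report's "blocklisted process" is wscript.exe or cscript.exe, which the page does not state (the sample is a .vbs, so the assumption is plausible but unverified).

```python
"""IOC sweep over constructed host telemetry for the XWorm sample above.

Added example, not part of the sandbox report. Indicators come from the
report (C2 host:port, install_file, sample SHA256). Events, field names,
paths and IP addresses are constructed for illustration.
"""
import json
from collections import Counter
from pathlib import PureWindowsPath

# Indicators taken from the report.
C2_HOST = "rachesxwdavid.duckdns.org"
C2_PORT = 8895
INSTALL_FILE = "usb.exe"
SAMPLE_SHA256 = "d0f73c23361be86872a1a87ef43e998a0e1e4fabbd40f5cd86ae333e1a09bdb7"
# Assumption (not stated on the page): the "blocklisted process" is the
# Windows Script Host, since the sample is a .vbs.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

WSCRIPT = r"C:\Windows\System32\wscript.exe"
VBS_PATH = "C:\\Users\\user\\Downloads\\" + SAMPLE_SHA256 + ".vbs"

# Constructed telemetry, one JSON record per line. The schema is this
# example's own, not a real EDR or Sysmon schema.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"type": "process", "image": WSCRIPT,
     "cmdline": 'wscript.exe "' + VBS_PATH + '"'},
    {"type": "file", "image": r"C:\Program Files\Browser\browser.exe",
     "target": VBS_PATH, "sha256": SAMPLE_SHA256},
    {"type": "dns", "image": WSCRIPT, "query": "rachesxwdavid.duckdns.org"},
    {"type": "network", "image": WSCRIPT,
     "dest_host": "rachesxwdavid.duckdns.org", "dest_ip": "203.0.113.10",
     "dest_port": 8895},
    {"type": "file", "image": WSCRIPT,
     "target": r"C:\Users\user\AppData\Roaming\USB.exe"},  # drop path assumed
    # Benign noise that must not match.
    {"type": "network", "image": r"C:\Program Files\Browser\browser.exe",
     "dest_host": "www.example.com", "dest_ip": "203.0.113.20",
     "dest_port": 443},
    {"type": "file", "image": r"C:\Windows\System32\notepad.exe",
     "target": r"C:\Users\user\Documents\notes.txt"},
])


def _name(path):
    """Lower-cased file name of a Windows path ('' for a missing path)."""
    return PureWindowsPath(path or "").name.lower()


def sweep(jsonl):
    """Return (rule_name, event) pairs for every indicator match."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        kind = ev.get("type")
        if kind == "dns" and ev.get("query", "").lower() == C2_HOST:
            hits.append(("dns_c2_lookup", ev))
        if kind == "network":
            host = ev.get("dest_host", "").lower()
            # Match on the hostname (plus port for sibling DuckDNS names), not
            # the resolved IP: a dynamic-DNS name can be re-pointed at will,
            # so the IP is the least durable indicator in the report.
            if host == C2_HOST or (
                ev.get("dest_port") == C2_PORT and host.endswith(".duckdns.org")
            ):
                hits.append(("c2_connection", ev))
            if _name(ev.get("image")) in SCRIPT_HOSTS:
                hits.append(("script_host_network", ev))
        if kind == "file":
            # File name alone is a weak indicator; treat as a pivot, not a verdict.
            if _name(ev.get("target")) == INSTALL_FILE:
                hits.append(("install_file_dropped", ev))
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                hits.append(("known_sample_hash", ev))
    return hits


def summarize(hits):
    """Hit count per rule, for a quick triage readout."""
    return dict(Counter(rule for rule, _ in hits))


if __name__ == "__main__":
    for rule, ev in sweep(SAMPLE_EVENTS):
        print(f"{rule:22} {ev.get('image', '')}")
    print(summarize(sweep(SAMPLE_EVENTS)))
```

Feed real records by mapping your EDR's fields onto `type`, `image`, `dest_host`, `dest_port`, `query`, `target` and `sha256`. The hostname-and-port pairing is the durable indicator here; the USB.exe file name will collide with legitimate software and should trigger a look, not an alert on its own.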