General
-
Target
22b7f742553d9bf6d843a3ae5a2cd3e8.bin
-
Size
167KB
-
Sample
240621-c5sffswelb
-
MD5
3dcb3d22014010a3c42e660440387cb5
-
SHA1
e33784fb85cffcff8ee442128bb4332c386b932b
-
SHA256
10c09a7b3cd9a7c2218819e5fd1d35e21a54c171b81109ba3dcc88b1c121e954
-
SHA512
748097d5ec2b220c59a3e75a48297777a21c25b386a0849ccc04a46935786874699553816fb3f73036b191afc697e78232d56ef9b1d8a52750bb045b47bd1cd1
-
SSDEEP
3072:hOZjOaReVbfHqOmq3EXy4cgOCcsSk03om3b2socGUzc9nyor1gRu57zy:hOgaREL8q32BrOCxSk/YCGxzc9yoxgY4
Static task
static1
Behavioral task
behavioral1
Sample
Project Al Ain (Hilli & Al Fou’ah) Parks.vbe
Resource
win7-20240220-en
Malware Config
Extracted
xworm
5.0
193.161.193.99:22849
59cumZBR6kSrFlEg
-
install_file
USB.exe
Targets
-
Target
Project Al Ain (Hilli & Al Fou’ah) Parks.vbe
-
Size
274KB
-
MD5
ffe9b9de145969a32320dbbfa6dd5fe6
-
SHA1
845f94bea47738145737b413992ef141af93e69c
-
SHA256
6513f2777a217402f9fa6196dacc31c948dfdde0680ccba57879b1c8d2cd11f8
-
SHA512
be162b21b798c681ab7146210d5f2cb742bd9a49aff6778ea9614decf6688f511b172ee8e632c19cc01092b3f9233655b08829652cf8c93bd07e1b2d9ac28e88
-
SSDEEP
6144:/2AuQvH6zYFyqnL+ct+7og/6zyGfcbygrvjAw6LVWPLaFUy:/Mc+7OzUbyobTWeu
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext