General

Target: 41a7016acbf940ee8bcc47c661b2d759.bin
Size: 406KB
Sample: 240621-c9v25swfle
MD5: d1a131c8e3fad16090734a1d863313d3
SHA1: ee708859ae92800755919d871f310ad32cc909c9
SHA256: a9d58253f799b03e13a6a9ca1793dcc295a327316590f9c982a627507858858a
SHA512: 3d1b5196b1a8734eab30280d93762a0f6533365f828996bdd6595691ec28514ed9fc02506038a049be64bffd0e591505a38e55a25a20f6662b4aa7b10115392d
SSDEEP: 12288:Vx4d8JjCQh57xQmZPe7feVEonLj85h+y1MVY7XAo78S:T9dlm78EonUkN0T78S
Static task: static1
Behavioral task: behavioral1
  Sample: order_document_sheet#PO35642.js
  Resource: win7-20231129-en

Malware Config

Extracted
  Family: xworm
  Version: 5.0
  C2: 107.175.101.198:7000
  dvNrQCwanoQ9ouuD
  install_file: USB.exe
Targets

Target: order_document_sheet#PO35642.js
Size: 576KB
MD5: da2a00db4ad85a7c84c8e3bdd158ed5b
SHA1: fac36df9615e08267ca51c5c32db76b5d5a3b047
SHA256: 0ffef02908f711dc3b01b83a439e2aeaafa58b021a4c930ed47772e6d958931e
SHA512: e09e36d25ccbc7b443c215adcd013c40da9d78c82ae479326c4f92b8fabc26b8fa3f6c937fdd2b717f37330999d03928c02cd98ba0c0987245e9118770976e66
SSDEEP: 12288:p68zPt15vj0FBKG5UmvOvhdvHVJwvPRjgTC7oS8Qo/A5Ih:p68zPRIFBOdvHvwXyTC7o5bh

Signatures
  Detect Xworm Payload
  Command and Scripting Interpreter: PowerShell
    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
  Executes dropped EXE
  Loads dropped DLL
  Suspicious use of SetThreadContext
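The "Command and Scripting Interpreter: PowerShell" signature above is the kind of behaviour a detection engineer turns into a process-creation rule. The following is an added example, not code from the sandbox report or from the Xworm family: it scans process-creation records for Add-MpPreference / Set-MpPreference command lines that add Defender exclusions, extracts the excluded paths, extensions and processes (handling PowerShell's parameter-prefix abbreviation and comma-separated lists), and cross-checks them against the install_file name from the extracted config (USB.exe). The event records, their field names (pid, image, cmd) and all command lines are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Added example (not from the sandbox report): flag process-creation events whose
# PowerShell command line adds Microsoft Defender exclusions, the behaviour the
# report's "Command and Scripting Interpreter: PowerShell" signature describes.
# The event records and their field names (pid, image, cmd) are constructed.

# Only Add-/Set-MpPreference can add exclusions; Get-MpPreference is read-only.
MPPREF_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)

# PowerShell accepts any unambiguous prefix of a parameter name (-ExclusionPa is
# -ExclusionPath), so match on the distinguishing prefix rather than the full name.
# The value list runs until the next "-Parameter" token or the end of the line.
EXCLUSION_PARAM = re.compile(
    r"-Exclusion(?P<kind>Pa\w*|Pr\w*|E\w*|I\w*)\s+(?P<vals>.+?)(?=\s+-[A-Za-z]|\s*$)",
    re.IGNORECASE,
)
KIND_BY_PREFIX = {"pa": "Path", "pr": "Process", "e": "Extension", "i": "IpAddress"}


@dataclass
class Finding:
    pid: int
    image: str
    exclusions: dict = field(default_factory=dict)  # kind -> list of excluded values


def _split_values(raw: str) -> list:
    """Split a comma-separated PowerShell value list and drop surrounding quotes."""
    values = []
    for part in raw.split(","):
        part = part.strip().strip('"').strip("'").strip()
        if part:
            values.append(part)
    return values


def _kind(param_suffix: str):
    suffix = param_suffix.lower()
    for prefix, kind in KIND_BY_PREFIX.items():
        if suffix.startswith(prefix):
            return kind
    return None


def scan_event(event: dict):
    """Return a Finding if the command line adds Defender exclusions, else None."""
    cmd = event["cmd"]
    if not MPPREF_CMDLET.search(cmd):
        return None
    exclusions = {}
    for m in EXCLUSION_PARAM.finditer(cmd):
        kind = _kind(m.group("kind"))
        if kind:
            exclusions.setdefault(kind, []).extend(_split_values(m.group("vals")))
    if not exclusions:
        return None  # e.g. Set-MpPreference -DisableRealtimeMonitoring: a different signature
    return Finding(pid=event["pid"], image=event["image"], exclusions=exclusions)


def scan_events(events: list) -> list:
    return [f for f in (scan_event(e) for e in events) if f is not None]


def excludes_install_file(finding: Finding, install_file: str) -> bool:
    """True if an excluded process or path ends with the config's install_file name
    (USB.exe in this report), which ties the exclusion to the dropped payload."""
    name = install_file.lower()
    for kind in ("Process", "Path"):
        for value in finding.exclusions.get(kind, []):
            if value.lower().rstrip("\\").rsplit("\\", 1)[-1] == name:
                return True
    return False


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed, not taken from the sandbox run
    {"pid": 1, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\victim\Downloads\order_document_sheet#PO35642.js"'},
    {"pid": 2, "image": PS,
     "cmd": r'powershell -w hidden -ep bypass Add-MpPreference -ExclusionPath "C:\Users\victim\AppData\Roaming" -ExclusionExtension ".exe" -ExclusionProcess "USB.exe"'},
    {"pid": 3, "image": PS,
     "cmd": r'powershell.exe -c "Set-MpPreference -DisableRealtimeMonitoring $true"'},
    {"pid": 4, "image": PS, "cmd": "powershell.exe Get-MpPreference"},
    {"pid": 5, "image": PS,
     "cmd": r"powershell.exe -c Add-MpPreference -ExclusionPa 'C:\ProgramData','C:\Users\Public'"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f.pid, f.exclusions, "install_file excluded:", excludes_install_file(f, "USB.exe"))
```

The regex deliberately matches the parameter prefix rather than the full name, because an attacker can write -ExclusionPa or -ExclusionPr and PowerShell still binds the parameter; a rule keyed on the literal string "-ExclusionPath" misses that. Command lines wrapped in -EncodedCommand or built from string concatenation are not covered and need decoding or script-block logging (event ID 4104) upstream of this check.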