General
Target: a504370334b058a77d2aeb53aec960261d6a6f4e34cda37b199f67978cbcfb89
Size: 3.2MB
Sample: 240621-cf3vwswakc
MD5: 5bd0be8a64177d78e328523387183790
SHA1: cc1de773b27811c9cfbe327410a5b4378d7f6884
SHA256: a504370334b058a77d2aeb53aec960261d6a6f4e34cda37b199f67978cbcfb89
SHA512: 1a868a5f9635bd3a631eec5cb98b0610f22e9434a1f9ba49396d26b62fa4327e83f3628cc70f6f426dabe431bfc3c86edd112ea17e1b73281c7d64bea9819174
SSDEEP: 6144:H4rsBTxAM2yERUGJyFwKVeu6Tv3fpqp9lC2FVRnAcNVK1V5dbfsop8wrkIjm:bB1fgJyrVevvpJIRA2VKTfcIi
Static task: static1
Behavioral task: behavioral1
Sample: a504370334b058a77d2aeb53aec960261d6a6f4e34cda37b199f67978cbcfb89.exe
Resource: win7-20231129-en
Malware Config
Extracted
xworm
5.0
172.93.222.235:7725
EaDc0m9mpwzOMMwb
install_file
USB.exe
Targets
Detect Xworm Payload

Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext