General
-
Target
fb18c39f77b20f1c5b2fe391afc1318f.bin
-
Size
23KB
-
Sample
240621-edjeksxepf
-
MD5
7d31411ac88e0827aaf0f99f40680e17
-
SHA1
eb747d8da2b9215955d33936ea91d87e603a3978
-
SHA256
e6ffbcca0cf52c544269515f5e6340d92fd6f85d992b5d7cd57556e92db74197
-
SHA512
ffd36742dffc9600299d5df60d930ac32ea228d6bb54377c989766007b2aa360e4edc509875e3101de1c21c8458272f593cbd5003a395b2ea19c6cdd92607ada
-
SSDEEP
384:btPF/OSEXqn11PJfuRIsYIDcDvp69v/h/IxjO7KKe1Zu2efWMpA3kMclDHLC+HIu:b3/+qfRfmvYXrp6BhwxjO7WO2AvWchLh
Static task
static1
Behavioral task
behavioral1
Sample
RFQ_TSL104.20221024_pdf.vbs
Resource
win7-20240419-en
Malware Config
Extracted
xworm
5.0
liliana221990.duckdns.org:7000
8rNeaQQDJANqySCC
-
install_file
USB.exe
Targets
-
Target
RFQ_TSL104.20221024_pdf.vbs
-
Size
400.0MB
-
MD5
2638fb06302ad73878fd5ded3d1496c4
-
SHA1
b5578705001d62f3c0af0ff40d36a927c2d3e587
-
SHA256
adf773b49d8306e08b5232039e0dea143e2c015cdc731f1be86d7dd92fcca6a9
-
SHA512
d9a91cbab5e98de178c240d5d6331f63f0525e96ff87f6c512b22a5a62aec14873ac644821ec4a9a640b24979654b37d4b10115a98e72e1590bd529cc4392ae1
-
SSDEEP
768:8axn72mwriA9vsCP7pkYeDIOcJIzazqeWIR4hw79GiWiQgFGdM+VA:8axn72mk7leVcR+naYEM7gFGdM+VA
- Detect Xworm Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file