General
- Target: ffe9b9de145969a32320dbbfa6dd5fe6.bin
- Size: 166KB
- Sample: 240621-edqhws1gmk
- MD5: d322345396967c661086087d1578e621
- SHA1: 2ae6fed95aa61350867b6da1f38a50513b55f899
- SHA256: d4bbab55c9a16739abf7b2b722788c3386a5a6fdc2cc017d8a86629b92c55210
- SHA512: 134398d89fbce6c9e8da07d0cc718e257650799af9021f50b2f4e9ab5cad9f73206c9dce8bab80a23f8ea8e9485761c94caabed407c987f0722b5b3174ccf5cd
- SSDEEP: 3072:GgAGLp/bE47Q1Cf1KViQpIDe+UfhOBFv6KSTveNXImbw6QjuhQ:Ggp17Q1CdKVifeVf4f6PveKmk9uhQ
Static task
static1
Behavioral task
behavioral1
Sample
6513f2777a217402f9fa6196dacc31c948dfdde0680ccba57879b1c8d2cd11f8.vbe
Resource
win7-20240611-en
Malware Config
Extracted
xworm
5.0
193.161.193.99:22849
59cumZBR6kSrFlEg
- install_file: USB.exe
Targets
- Target: 6513f2777a217402f9fa6196dacc31c948dfdde0680ccba57879b1c8d2cd11f8.vbe
- Size: 274KB
- MD5: ffe9b9de145969a32320dbbfa6dd5fe6
- SHA1: 845f94bea47738145737b413992ef141af93e69c
- SHA256: 6513f2777a217402f9fa6196dacc31c948dfdde0680ccba57879b1c8d2cd11f8
- SHA512: be162b21b798c681ab7146210d5f2cb742bd9a49aff6778ea9614decf6688f511b172ee8e632c19cc01092b3f9233655b08829652cf8c93bd07e1b2d9ac28e88
- SSDEEP: 6144:/2AuQvH6zYFyqnL+ct+7og/6zyGfcbygrvjAw6LVWPLaFUy:/Mc+7OzUbyobTWeu
- Detect Xworm Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext