General
-
Target
skibidi uac temp.bat
-
Size
762B
-
Sample
240812-28pleawepq
-
MD5
2a6867bc5bf2aa120ded0f3e5e3aaffd
-
SHA1
572489979b0cd08bf6b962c4c9654aa2c8fe7f6e
-
SHA256
353ce41096bfc4a123151d6876cf0a64838d0805f69a91f2008061433a84bf60
-
SHA512
a67c6bc2236f7ddc194fb2c1bd99c1ae31d87dcf3daeaa38169e60acb369b4d9594dd4423ae1e5f75e586da24346a522754934a803cc62bb13f18dca96b4bbb5
Static task
static1
Behavioral task
behavioral1
Sample
skibidi uac temp.bat
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
skibidi uac temp.bat
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
skibidi uac temp.bat
Resource
win11-20240802-en
Malware Config
Extracted
xworm
5.0
dating-mpegs.gl.at.ply.gg:6566
hzlnv0DUzbSPOIAL
-
Install_directory
%Userprofile%
-
install_file
Uni.exe
Targets
-
-
Target
skibidi uac temp.bat
-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Download via BitsAdmin
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
BITS Jobs: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1