General
Target: 2501e83f738b12ed186682b7b962ab755d25a3e3de0202071f2d596ab043cdcd.bat
Size: 193B
Sample: 240813-bg9jdswcre
MD5: 15bf9d410962834084b7fe0effc0223b
SHA1: cc8e4bb64f49838a1af2e1a4c42f737ed4e09d7c
SHA256: 2501e83f738b12ed186682b7b962ab755d25a3e3de0202071f2d596ab043cdcd
SHA512: 73d41a60f5bca35bfcb2577b179b1e84c9b0be6834a0a784d9a6096f01230069313063a63fb48e3fe3cfae35fd008b717ef720f6d4589c93a202025b8b6232c8
Static task
static1
Behavioral task
behavioral1
Sample
2501e83f738b12ed186682b7b962ab755d25a3e3de0202071f2d596ab043cdcd.bat
Resource
win7-20240729-en
Malware Config
Extracted
xworm
5.0
198.244.206.37:7000
qeAHLfR3nbg5ttUt
-
install_file
USB.exe
Targets
Target
2501e83f738b12ed186682b7b962ab755d25a3e3de0202071f2d596ab043cdcd.bat
Detect Xworm Payload
Download via BitsAdmin
Downloads MZ/PE file
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Deletes itself
Suspicious use of SetThreadContext