General
Target: ecdea80099e541809e0ecb95f993123974f8722ad4bb2b2bdc6b489ca02aaabd
Size: 978KB
Sample: 240830-p6z8xavekf
MD5: f6e37f2a221fbca748053e8a46c3ef9f
SHA1: 92f1a5d8aad5bc421b803a6048a8ce0bbee0c953
SHA256: ecdea80099e541809e0ecb95f993123974f8722ad4bb2b2bdc6b489ca02aaabd
SHA512: 3c94e63bef99ab0d1cebe8f41b737b082600f1b2f1e723d134f1a400fe9f8dea0a75b263e3f7d5fa03bb8e4c9f84c3b567567b3026c5d5cf236e3c00fdb3f272
SSDEEP: 384:s8U6eeeeeeeeeeeRReeeeeeeeeeeReeeeeeeeeeezeeeeeeeeeee8eeeeeeeeeeU:fU2e
Static task: static1
Behavioral task: behavioral1
Sample: New_Document-#3765618.js
Resource: win7-20240708-en
Malware Config
Extracted
xworm
5.0
yolomesho.work.gd:7000
oUFURe5xwVr67Kd5
install_file: USB.exe
Targets
Target: New_Document-#3765618.js
Size: 441KB
MD5: c7e47553b94c0d18ecf9e03b5ffec68b
SHA1: bfb60db9ad9e0bd41ee2335acaa6316264c0b638
SHA256: 8ed7810c7c48d274f4b845cb155ab61af9ac0297fceb2f356ad5557434977b5a
SHA512: 5a624285b1d9179939495c0f2baa4ecfb7cc9561098977be825ab83b6c90d5e86b4571f5cfa603d9e5e2be76b8e84153a607f26b4263cbff908bb5aca2201194
SSDEEP: 384:JeeeeeeeeeeeRReeeeeeeeeeeReeeeeeeeeeezeeeeeeeeeee8eeeeeeeeeeeRe4:Heo
- Detect Xworm Payload
- Blocklisted process makes network request
- Download via BitsAdmin
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext