General
-
Target
8ed14dadb7987466d677dd625530ffe02d4e1163efd4629024e6509fb99a178e
-
Size
2.7MB
-
Sample
240912-2l5n4szcqa
-
MD5
1d9867f060ccc14263204c633b36968f
-
SHA1
e920df67a49f7e44faa2de3f62acac81b7dd133f
-
SHA256
8ed14dadb7987466d677dd625530ffe02d4e1163efd4629024e6509fb99a178e
-
SHA512
7c43baded559ba1b89c814631dce7f49aaf0006ef394198fd9e5a8851336f840342ece50fedcc69d2353b2efeaab647a9f68758011b1e1ce723d938eeab47766
-
SSDEEP
49152:fbNIx7/wBRK/6YK7pFDHg3u67gt6VSi/2P:fbNc7oVFk97gt6AiOP
Static task
static1
Behavioral task
behavioral1
Sample
8ed14dadb7987466d677dd625530ffe02d4e1163efd4629024e6509fb99a178e.exe
Resource
win7-20240903-en
Malware Config
Extracted
xworm
5.0
VgZ3gltaj0fGjOm5
-
install_file
USB.exe
-
pastebin_url
https://pastebin.com/raw/Q9e5dCEL
-
telegram
https://api.telegram.org/bot7014340212:AAH7pEXbcp-rOhGS8YVjIHjg0C8qlSDZSI4
Targets
-
-
Target
8ed14dadb7987466d677dd625530ffe02d4e1163efd4629024e6509fb99a178e
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
-
Detect Xworm Payload
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-