General
Target: a6153d09a83cd3cf7391fa6bd817a8d7.zip
Size: 6KB
Sample: 241029-2aw8lasmbl
MD5: a6153d09a83cd3cf7391fa6bd817a8d7
SHA1: db9c08319cd22842a9cdcc5925f46327f2f004fc
SHA256: 2aa9509682d45bc187eba3c951ec3841101779d1c93da418cbadbbf0c927c17d
SHA512: 69f1fda51aa507260908c2163801b3cf1766d1c3decce6725ac71a8a84a392b0b85dc9bfc9e5fff4ef0773dd791b49410512838daa325ac945060dc336280172
SSDEEP: 96:hRzwv4ktECTCMMNzmz0RJ8j6tO6ArGA9oDWzBm2cC2zGlDFsG3M2PyZjVnzN3VSm:/kgk2CX+Kr3iCJc8F9M22z7SWf
Static task: static1
Behavioral task: behavioral1
Sample: OPERACIÓN DE TRANSACCIÓN FINANCIERA ACH.bat
Resource: win7-20240903-en
Malware Config
Extracted
https://github.com/CryptersAndTools/Upload/blob/main/new_image.jpg?raw=true
Extracted
xworm
5.0
crypters.ddns.com.br:7000
GGGrHP0Odh89zLnb
install_file: USB.exe
Targets
Target: OPERACIÓN DE TRANSACCIÓN FINANCIERA ACH.bat
Size: 210KB
MD5: fc162f6d374e3bce9c3130fdcb6b7307
SHA1: a874953f738df2b9c59d52d1262aac387bf26fb7
SHA256: c7b24736650ed6130939821101f4641e1a50a2316f3bbcf974d85c8de585a40d
SHA512: 520bf9202494786604d194bf6b23020231810744bbb405c1177ab7ee30c82633027445c3bb4e464cc690e7d7d0b6daaecd0a5884aeebcd585541d746cdf662e8
SSDEEP: 6144:vZnip76K90FB+Z7VIuArKAgY2aaOOiuauK+yp8:E
Detect Xworm Payload
Xworm family
Blocklisted process makes network request
Drops startup file
Legitimate hosting services abused for malware hosting/C2