General
-
Target
d960d1980fbb7446cab8533dc42ccd13.zip
-
Size
6KB
-
Sample
241029-2px4fasnhn
-
MD5
d960d1980fbb7446cab8533dc42ccd13
-
SHA1
675b937d9662c2401c362eff917c81a1e8d4a9f1
-
SHA256
568ba74b8618d572ab754f6f49f1bf0e4d48692c63af13a5128273b88895b4ee
-
SHA512
70d4d4cf3bbe99b1509862fc75ea99e3b769279f8de55fb4ecbe5fc0c7a09af75c19bdbaf6c16e60cbc1263eb0388cb7c367fc929b05da6cb25abebc1f3fed46
-
SSDEEP
192:42q2oqDKUSMkUcWDHqyT2GlT6TbrKpknbjCSz40I2e24:9dSoKnDKpI3CSk0i
Static task
static1
Behavioral task
behavioral1
Sample
TRANSACCIÓN Pagar proveedores ha sido Aprobada.bat
Resource
win7-20241023-en
Malware Config
Extracted
https://github.com/CryptersAndTools/Upload/blob/main/new_image.jpg?raw=true
Extracted
xworm
5.0
crypters.ddns.com.br:7000
GGGrHP0Odh89zLnb
-
install_file
USB.exe
Targets
-
Target
TRANSACCIÓN Pagar proveedores ha sido Aprobada.bat
-
Size
210KB
-
MD5
578af000aed63fa1ede68df809e4ecf1
-
SHA1
8d4879bda890604c497961d1a7fa629d857392eb
-
SHA256
063e9da93b4d0e7b9f9e78911962cb83fcb02d648fb8be4e4cfa24f4a828367d
-
SHA512
0a88222d321d8f2367d12bfaa85e0816960277953437da758d480efb2cfdc4cb444e897ec8060a5b684af749b95f2a615f87c5ede99bb6847b96f5be45b48829
-
SSDEEP
6144:vZXTzJ4W13nUOtjrquYrggU6qgAKggmcWg2w08:2
-
Detect Xworm Payload
-
Xworm family
-
Blocklisted process makes network request
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-