General
-
Target
file.exe
-
Size
1.0MB
-
Sample
241111-z3ah7azmcr
-
MD5
bf265e0055178b2aa642fc6df2ae5f40
-
SHA1
f692cbf19ecf33a48ddefa2b615ea979fa5633b4
-
SHA256
9b0021640b636a39ab43bfff88e5dca26161e8cd4da26596f0c3068fb7659642
-
SHA512
c20bfffbe194f551dfaeab68579b89f5c4fb8d5bb90d80b516f008a4debc009505d059e03a404d08605f903be1126c1600e96786369a7abe6813842ab36cae3d
-
SSDEEP
12288:BCQdkpj9XCQR9Fo+lSEr/CAcHqpxr0H8totz8LfAz1uviBCGG4HgoKQJZNL:BVdujt9pAE0+rMN8LYzcyTAqJZNL
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
file.exe
-
Detect Xworm Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Xworm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-