General
-
Target
SecurityHealthService.exe
-
Size
444KB
-
Sample
241113-mkc55stkhm
-
MD5
73c088a54fd675be63ae50e1415bce9b
-
SHA1
968ca108ce1d803f69cc3e1833d6d56615342169
-
SHA256
e9cb28657a6dcd7e0f17f6e4f7d128351c389784bb027fdaba7f669794edc846
-
SHA512
109d80075631fae4a952b972073677aafdb8b6c70d7e6ac1add6d6bfb5bee9a5227c3691d229a70ac67b993f37464b89efaf87b62f6646b135311e04419f9c09
-
SSDEEP
6144:IhuPcWqUsvDuKolyqL1eLBXziQZm07wGj386cDrWTAdjiutNNStXL297RDc+BwZI:IMyUsbuKwmFifywGWBPNStyxRDc+S
Static task
static1
Behavioral task
behavioral1
Sample
SecurityHealthService.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
SecurityHealthService.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xworm
5.0
QTumvC8IOVGR3m18
-
install_file
USB.exe
-
pastebin_url
https://pastebin.com/raw/nV1XKCv3
Targets
-
-
Target
SecurityHealthService.exe
-
Size
444KB
-
MD5
73c088a54fd675be63ae50e1415bce9b
-
SHA1
968ca108ce1d803f69cc3e1833d6d56615342169
-
SHA256
e9cb28657a6dcd7e0f17f6e4f7d128351c389784bb027fdaba7f669794edc846
-
SHA512
109d80075631fae4a952b972073677aafdb8b6c70d7e6ac1add6d6bfb5bee9a5227c3691d229a70ac67b993f37464b89efaf87b62f6646b135311e04419f9c09
-
SSDEEP
6144:IhuPcWqUsvDuKolyqL1eLBXziQZm07wGj386cDrWTAdjiutNNStXL297RDc+BwZI:IMyUsbuKwmFifywGWBPNStyxRDc+S
Score10/10-
Detect Xworm Payload
-
Modifies WinLogon for persistence
-
Xworm family
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-