General
Target: MOF%20PRODUCTION%20SDN%20BHD%20STATEMENT%20ACC.zip
Size: 814KB
Sample: 241206-kvyhqavqam
MD5: 64f299dc2b09c663c95031ec9b0fab53
SHA1: ed22cd1ee11357ea70565c6f020a0c9092a0a136
SHA256: 6d9c0d9c7b1d0f53b585be342a9aba75ace2cfaa5293983225781d8eea9d9557
SHA512: bd36c4a0732a8f6fdde56d47fea6549fb11defd38f9b2a757fd8e20f3a406071221b64e486075276fdf3476c7d19b3e329481dfd31954dd16f9dc3618b6d5083
SSDEEP: 24576:IJeEG8fuYFxFTzPGJ3tf9+5NngdV1/poKBwnl:IJA8vnFTzPOV+5Ngdrpyl
Static task: static1
Behavioral task: behavioral1
Sample: MOF%20PRODUCTION%20SDN%20BHD%20STATEMENT%20ACC.zip
Resource: win10v2004-20241007-en
Malware Config
Extracted: xworm 5.0
odogwu.mysynology.net:7000
ivfnkhmgsIavIQ0A
install_file: USB.exe
Targets
- Detect Xworm Payload
- Guloader family
- Xworm family
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext