General
Target: FACELECTRONICASERVICIOSNo00000023847829.vbs
Size: 224KB
Sample: 250127-zprwbawjer
MD5: d5bfaee20cb41b21aa1c0b585492a182
SHA1: b9d63b379e84ddad697f22106f3ce1e473364ca9
SHA256: ba826234ceb14141d54951504e76e88739eb7e76025a37f4890e8b4d5ac04242
SHA512: 44a3915878cc43b13bb8fbe533cf14ccfdf9c230c1c63d2a2c4b761aceff9e5f26b5d6eebdc1508fe6c067d2dc44b88ef1886f8162c0e9016a7ac5996296316c
SSDEEP: 3072:FLbVmI3b0mgfmWu+me9VOv5iG5sVhQ30Wk+70wgA11:FLbVJe9VOvp
Static task: static1
Behavioral task: behavioral1
Sample: FACELECTRONICASERVICIOSNo00000023847829.vbs
Resource: win7-20240903-es
Malware Config
Extracted
xworm
5.0
31.13.224.246:5028
fvEl2mhoY8EbFYQE
install_file: USB.exe
Targets
Detect Xworm Payload
Xworm family
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext