General
Target: ORDER NAME MV MYNY IMO.exe
Size: 6KB
Sample: 250323-27e1ksy1bz
MD5: ba18f4e4a8a2b81de4a47a93a02fc8b5
SHA1: 07893f128df30f82811503fa567baae1751bbac8
SHA256: 3bf9df96547c080c337ac832dbb50f0bd779e3fe6c7ce7db47a827aa74fc4764
SHA512: 8f0bf7af99db9d527adb292cbec0d344da8b80455d161fc8c1f907e53c114e317d01a25591699bf7e540c0cf16f584cfc78ba1b25321b4e7912d646dd51343e5
SSDEEP: 96:Y8OQCtGcR3Bpbp2byj3t50sTbPRMk5fPzxtNAZKzNt:jCtGcR3Byy3nzeklN6s
Static task: static1
Behavioral task: behavioral1
Sample: ORDER NAME MV MYNY IMO.exe
Resource: win7-20250207-en
Malware Config
Extracted
Family: xworm
Version: 5.0
C2:
- bin12.ydns.eu:4050
- bin14.ydns.eu:4050
- kingsbkup1.ydns.eu:4050
- smfcs1.ydns.eu:4050
- smfcs3.ydns.eu:4050
HBJF3rW4RSROdudO
install_file: USB.exe
Targets
Target: ORDER NAME MV MYNY IMO.exe
- Detect Xworm Payload
- StormKitty payload
- Stormkitty family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xworm family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)