General
Target: 24032025_0658_Kfboa.exe.iso
Size: 58KB
Sample: 250324-hxknjasths
MD5: 53a6902d0d88b18792e10500ad5e6a1d
SHA1: a33e872c8361f44ffebf30f60d691942191a2c76
SHA256: e3ff20fc55412a7f64bc0e079a7c4ccab038fef613010a251133c1192fc81cf6
SHA512: 216fa17cd6f0962690fcc3375793cb8d19d72f5f8323e698ec34590c7eb009038deafd215e5150966fc9b03feabd0d3ffd97bc427a7f0e5f846f86ad58b2da06
SSDEEP: 96:5+0aB2VVxmwnavYFyj3tuDeFHxtNxC4zNt:qB2nxdXFy37VxYa
Static task: static1
Behavioral task: behavioral1
Sample: Kfboa.exe
Resource: win7-20241023-en
Malware Config
Extracted
xworm
5.0
bin12.ydns.eu:4050
bin14.ydns.eu:4050
kingsbkup1.ydns.eu:4050
smfcs1.ydns.eu:4050
smfcs3.ydns.eu:4050
eFgRwYcigKCR8e0p
install_file: USB.exe
Targets
Target: Kfboa.exe
Size: 6KB
MD5: ceba7570864bdd6c2dfe5e11fa5625ea
SHA1: 38033ecf6350e2e7dc49914b64886818ee18e6c8
SHA256: b5d47c5e81250db93f2d48269950223bce5495e24bb4fc08c00e57a49810a76b
SHA512: 7728f905c0606e437a5f3be25682f69aec207f0269ff5715978810029de9907872153f6a944b9634a3f0928e0d7b1878541d906cb29a50effc7edc5f3e7ff4c6
SSDEEP: 96:s0aB2VVxmwnavYFyj3tuDeFHxtNxC4zNt:KB2nxdXFy37VxYa
Detect Xworm Payload
StormKitty payload
Stormkitty family
Suspicious use of NtCreateUserProcessOtherParentProcess
Xworm family
Drops startup file
Suspicious use of SetThreadContext