Analysis

max time kernel: 149s
max time network: 155s
platform: windows11-21h2_x64
resource: win11-20250410-en
resource tags: arch:x64, arch:x86, image:win11-20250410-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 18/04/2025, 09:26

Static task: static1 (1 signature)

Behavioral task: behavioral1
  Sample: tmp_ojohbyy.exe
  Resource: win10v2004-20250410-en
  7 signatures
  150 seconds
General

Target: tmp_ojohbyy.exe
Size: 1.4MB
MD5: 2a0540465cfed45dd2295424aed005ac
SHA1: ef4e6ec7f9f565bbba0e3a7854225ff7d2c90feb
SHA256: ce77b1bc3431139358e2a70fa5f731d1be127e77efe8b534df5ccde59083849d
SHA512: 68ed1a920b4f43d029014c0bf0b4ba461e2158dd232d088c316448fa00c6660c204826df35f02c88e6e05243547fb4097717e7a3894bfbf7712686d209a9526d
SSDEEP: 24576:qjXw5i2hE1x/ofE/3XvWBqlIKxvFZuDSJUo0/db1mEOFZhc2:CXw5i2C1x/wE2BIIMvzuDSJ8db1mEOFc
Malware Config

Extracted
  Family: xworm
  Attributes:
    install_file: MasonUSB.exe

Extracted
  Family: latentbot
  C2: cryptoghost.zapto.org
Signatures

Detect Xworm Payload (1 IoC)
  resource: behavioral2/memory/6100-4-0x000001A34A2D0000-0x000001A34A2E2000-memory.dmp
  yara_rule: family_xworm

Latentbot family

Xworm family

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 1: raw.githubusercontent.com
  flow 2: raw.githubusercontent.com

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege
  pid: 6100
  Process: tmp_ojohbyy.exe