Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20250410-en -
resource tags
arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system -
submitted
18/04/2025, 12:31
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
tmpxtllxmbq.exe
Resource
win10v2004-20250410-en
7 signatures
150 seconds
General
-
Target
tmpxtllxmbq.exe
-
Size
1.3MB
-
MD5
74fd34ea47e881219cfd18503eae5a7b
-
SHA1
eedb8636972d435dc593a2a4eed4c248175af4f2
-
SHA256
1fcaf14c2bf8df5d8fa0e8efcf728ba06f2d1fb7ef213d00d7b763031ff9a536
-
SHA512
5f90523c044fac81d5e102182233bccfca057c31a90047e7460474fca35c5f441e4770c8d89934a2ac63742aa14d65e4313cf517df4e4982eac5c25df5611006
-
SSDEEP
24576:DjXw5i2hE1x/ofE/3XvWBqlIKxvFZuDSJUo0/db1mEOFZhc:nXw5i2C1x/wE2BIIMvzuDSJ8db1mEOFc
Malware Config
Extracted
Family
xworm
Attributes
-
install_file
MasonUSB.exe
Extracted
Family
latentbot
C2
cryptoghost.zapto.org
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule behavioral1/memory/544-3-0x0000000001110000-0x0000000001122000-memory.dmp family_xworm -
Latentbot family
-
Xworm family
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 5 raw.githubusercontent.com 3 raw.githubusercontent.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 544 tmpxtllxmbq.exe