General
-
Target
Builder.bat
-
Size
40KB
-
Sample
250529-n3g3gs1px5
-
MD5
0a5c49d4db2cc1905113ad4761af0729
-
SHA1
4fb80e84a55f3cfc6ef06333e9e0fb2a8379d419
-
SHA256
067366759f9b33981eb40fe708af17d70ecd8fd0e426b032e8b1e01454420214
-
SHA512
3e39d9171b56b7fa6fd44d34b53dcf5ca5d5a9c35bb68cbc7eb8d5d4e5f6abb8a9aaade68e88b519f2109f122caa8f69246a96b7e111feac0df7372ae1aebb87
-
SSDEEP
768:nPnYRP6wAKnchex3qenmnZwBfEkifeFG9wfOuhCjru:nvYRPFdxaQ8kimFG9wfOu4G
Behavioral task
behavioral1
Sample
Builder.exe
Resource
win10ltsc2021-20250425-en
Malware Config
Extracted
xworm
fqLaHappNtycmPlr
-
Install_directory
%ProgramData%
-
install_file
USB.exe
-
pastebin_url
https://pastebin.com/raw/uk5hV6uc
Targets
-
-
Target
Builder.bat
-
Size
40KB
-
MD5
0a5c49d4db2cc1905113ad4761af0729
-
SHA1
4fb80e84a55f3cfc6ef06333e9e0fb2a8379d419
-
SHA256
067366759f9b33981eb40fe708af17d70ecd8fd0e426b032e8b1e01454420214
-
SHA512
3e39d9171b56b7fa6fd44d34b53dcf5ca5d5a9c35bb68cbc7eb8d5d4e5f6abb8a9aaade68e88b519f2109f122caa8f69246a96b7e111feac0df7372ae1aebb87
-
SSDEEP
768:nPnYRP6wAKnchex3qenmnZwBfEkifeFG9wfOuhCjru:nvYRPFdxaQ8kimFG9wfOu4G
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Detect Xworm Payload
-
Xworm family
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-