General
-
Target
NUEVO_REPORTE_ANEXO_POR_SANCIONES_EFECTUADAS_HALLAZGOS_IRREGULARIDADES_AUDITORIA_SISTEMAS_DE_SALUD_ENTIDADES_PRESTADORAS
-
Size
4KB
-
Sample
250702-xzwwxa1ky8
-
MD5
4c176c689ec675837bdc24bc40778e2a
-
SHA1
b2ba87bd051c4aed5e96d52581af80b86fe43411
-
SHA256
1a3b69e6a2900774498c5c2bb072332ffa606ecdfe15f2a3a4b2e5051ef13a28
-
SHA512
5f40c5dffb0bf0274412e84729b0ceb222d0575df32d323f06cac2846ddf41fb752fcd6cce9929803e98d99bf0a114f986548d33747337ec4f5a548ef95e91ed
-
SSDEEP
96:EawPBZCj3H/CTZPOK2RfHqFkBedM9kAHSvDRgvq8d9Qo3OwGRTawC:VwA3H/o72oFCxRHSvuyEP3wOwC
Static task
static1
Behavioral task
behavioral1
Sample
NUEVO_REPORTE_ANEXO_POR_SANCIONES_EFECTUADAS_HALLAZGOS_IRREGULARIDADES_AUDITORIA_SISTEMAS_DE_SALUD_E.js
Resource
win10v2004-20250610-en
Malware Config
Extracted
https://archive.org/download/universe-1733359315202-8750/universe-1733359315202-8750.jpg
Targets
-
Target
NUEVO_REPORTE_ANEXO_POR_SANCIONES_EFECTUADAS_HALLAZGOS_IRREGULARIDADES_AUDITORIA_SISTEMAS_DE_SALUD_ENTIDADES_PRESTADORAS_Y_PROMOTORAS_DE_SALUD_COMUNICADO_0002398_MINSALUDpdf.js
-
Size
19KB
-
MD5
9f6c707c6678a8c0bf0d1fe1412b26a6
-
SHA1
3c6425c1a5dbfe0a425ee46cc1a4b9a4f8fb8ed1
-
SHA256
0fd706ebd884e6678f5d0c73c42d7ee05dcddd53963cf53542d5a8084ea82ad1
-
SHA512
c8c469d76efbde71a296f7c59537b58475a6359e823ac6800e5bc0c1b1f6f442b665fd4d0401f55da8cc8426002d686ed7af6046a22ae38f6bbec173c3127b29
-
SSDEEP
192:QTV70IM2f2BWAK/Mbk2B6BnLWlxj4eO05VG8IUZYDanl:0V1M2+M+bdYNc7v1IUyDo
-
Detect Xworm Payload
-
Xworm family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-