General
Target: 03072025_0532_F.186 DEL 25072025_6.vbs.zip
Size: 59KB
Sample: 250703-f8g1nsvlx2
MD5: 11e6e386046aa3461bfe0950787869ad
SHA1: aee7469dd95e49ed9ab240eb65cad0fc30c3193f
SHA256: 9d2c73cfa7c33619ef39cf9730018743a64131c2f4df6c364f6eab96e15e71f6
SHA512: f82b5f7c36cb778faaa89617188d45c6007e92f4f5a1b08c6e0d3761db3f09e13f0c008a190ef245618b3d50d34b4958cafed4196e0c166851a78d4428ee0cba
SSDEEP: 1536:4bhIboJZx2cpbxRgZ1ERa70LcFeP1hekQNxPAvKj:Uyqx2cx6oC0LcgP1hefxPAg
Static task: static1
Behavioral task: behavioral1
Sample: F.186 DEL 25072025_6.vbs
Resource: win10v2004-20250610-en
Behavioral task: behavioral2
Sample: F.186 DEL 25072025_6.vbs
Resource: win11-20250610-en
Malware Config
Extracted
xworm
www.ferrylin.com:2556
install_file: USB.exe
Targets
Target: F.186 DEL 25072025_6.vbs
Size: 136KB
MD5: 246bd115dc7efb015ff481bbdcd8e87a
SHA1: 60180717a4e1d8edd1b56ff85afa09f246b50b70
SHA256: 46ec10fa2fe3012d14eeab3898662bdac76e088003c53108647181ea225764ab
SHA512: c6c5634238d3bf53aa47eab90b4d4a81e452b65b6119da28439fa6a087743e55f5045acfb7618c68b495b738147c7bbf1d50746bb766e819a05db79dc4d440cf
SSDEEP: 3072:FUnXpbwjuDh+IOwsItUAXgAbdTMztbzhJf7GFRI0bBHuJ+uYjGVDCc:KnXpbwjuDh+IOwXtUAXgAbezZHIF8Jvn
Score: 10/10
Detect Xworm Payload
Xworm family
Clears Windows event logs
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file