General
Target: 2024-06-28_cf237eeab248f01b9615211042857f7f_hiddentear
Size: 157KB
Sample: 240629-affdgsyglk
MD5: cf237eeab248f01b9615211042857f7f
SHA1: d68972d8ef6f7e7394771eda9d72e4e47e4bbe52
SHA256: 64ba60e41476d524ebb49d62de95e2b4bc19d7cfdedbc17048a5113efcdf36f6
SHA512: 5a3f9d0acccd7ef46e55b3d86b81213db0af014b34d6611388d87b5f0147f01d884a5e929ef19a179eaffd18b20e9913b49b560fdba63023f955510fc204c4fc
SSDEEP: 3072:8K62ZVTj+bw1nSBOJCM+lmsolAIrRuw+mqv9j1MWLQR:mbInV+lDAA
Behavioral task: behavioral1
Sample: 2024-06-28_cf237eeab248f01b9615211042857f7f_hiddentear.exe
Resource: win7-20240220-en
Malware Config
Extracted
xworm
westxw.duckdns.org:1604
Install_directory: %AppData%
install_file: dekont.exe
Targets
Target: 2024-06-28_cf237eeab248f01b9615211042857f7f_hiddentear
Detect Xworm Payload
Detects Windows executables referencing non-Windows User-Agents
Drops startup file