General
-
Target
doc_Rfq_TNTM Új rend TM00002916620 exp_pdf.exe
-
Size
2.1MB
-
Sample
240629-htsjzawdmp
-
MD5
f6a8c9894f707a594a924f4c197f0f2a
-
SHA1
a6cd353fe512a4f1c6d74064979f4475c574ddd7
-
SHA256
542ddd41bf8603c95458d6c2c15e1a0cff107fbabac55b69b92bd40fd8bf1696
-
SHA512
a9e8a3d1705b7f95944a406f7639c07497ae50b9a11b9f77304bcb1d33cda4f3a05c831b47206d153da7c7d9eae22b84e0a17b9aae0ee1f36784acf4b63951b4
-
SSDEEP
49152:jF50a6aPVOFMx3SmroCZscivbS6mqxEWoKmqZJffp3vSsqPUWeaw1GmNOm/:XroA7PDa
Static task
static1
Behavioral task
behavioral1
Sample
doc_Rfq_TNTM Új rend TM00002916620 exp_pdf.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
doc_Rfq_TNTM Új rend TM00002916620 exp_pdf.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
xworm
5.0
twart.myfirewall.org:59012
gOdjUs2unoOU0NeI
-
Install_directory
%AppData%
-
install_file
windows.exe
Targets
Score
10/10
-
Detect Xworm Payload
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-