General
Target: 81513a82573e2a72bf3b56b6b309ea2f73716f602e1f00d0ee957abd3408b6a3.exe
Size: 2.3MB
Sample: 240630-bn4xgsvdpn
MD5: 5bc392a75e9f0c3b36f344096f0183cc
SHA1: a2f48b659efa913e5ed17d1621f517c21a9305a6
SHA256: 81513a82573e2a72bf3b56b6b309ea2f73716f602e1f00d0ee957abd3408b6a3
SHA512: f9224d1f9818b2a4c93276467719e535f3f66c5f4a9d6f2287669307ecb276dfb9f202007cd9c801a0ea1ef63630eac4ca03ce9de4aab6086b9d941e54c017eb
SSDEEP: 12288:z5DIexdM4iE+o+OKtDY2z1ZWtpMo4mSUvIZAg+GSsgHU:1DIexgo+OKtDYq12MqSUv8Ag+tY
Static task
static1
Behavioral task
behavioral1
Sample
81513a82573e2a72bf3b56b6b309ea2f73716f602e1f00d0ee957abd3408b6a3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
81513a82573e2a72bf3b56b6b309ea2f73716f602e1f00d0ee957abd3408b6a3.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
xworm
5.0
127.0.0.1:7733
104.161.80.204:7733
R4c17KU2odlSGK04
Install_directory: %AppData%
install_file: System.exe
Targets
Detect Xworm Payload
Detects Windows executables referencing non-Windows User-Agents
Detects executables packed with or use KoiVM
Suspicious use of SetThreadContext