General
-
Target
f6a8c9894f707a594a924f4c197f0f2a.bin
-
Size
1016KB
-
Sample
240701-ermddswbqf
-
MD5
cb3fc618f616cb7eb490282507fda944
-
SHA1
55f846b5ac847b3431b2282f8606402d0b624d1a
-
SHA256
041b2ea848079aab1e0b6bd1a6cf2a89e005b88b8ec2186c349f9f2a8ef0c08c
-
SHA512
c7613c47adce3ed72d7d205326b5f1854b816c287d7393ea0b938513226273594acfaf5774c3fccba80e69887ca9ac116bb2249f1c979cad73dd695b081dee88
-
SSDEEP
24576:C8LhunDDLg6q48sLnLh/GTLZIoF/shuUdAiW3bV3i6YJJ2:CtOeLhefZIqZj3i6YJQ
Static task
static1
Behavioral task
behavioral1
Sample
542ddd41bf8603c95458d6c2c15e1a0cff107fbabac55b69b92bd40fd8bf1696.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
542ddd41bf8603c95458d6c2c15e1a0cff107fbabac55b69b92bd40fd8bf1696.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
xworm
5.0
twart.myfirewall.org:59012
gOdjUs2unoOU0NeI
-
Install_directory
%AppData%
-
install_file
windows.exe
Targets
-
Target
542ddd41bf8603c95458d6c2c15e1a0cff107fbabac55b69b92bd40fd8bf1696.exe
-
Size
2.1MB
-
MD5
f6a8c9894f707a594a924f4c197f0f2a
-
SHA1
a6cd353fe512a4f1c6d74064979f4475c574ddd7
-
SHA256
542ddd41bf8603c95458d6c2c15e1a0cff107fbabac55b69b92bd40fd8bf1696
-
SHA512
a9e8a3d1705b7f95944a406f7639c07497ae50b9a11b9f77304bcb1d33cda4f3a05c831b47206d153da7c7d9eae22b84e0a17b9aae0ee1f36784acf4b63951b4
-
SSDEEP
49152:jF50a6aPVOFMx3SmroCZscivbS6mqxEWoKmqZJffp3vSsqPUWeaw1GmNOm/:XroA7PDa
Score
10/10
-
Detect Xworm Payload
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext