General
- Target: nates macro.exe
- Size: 10.2MB
- Sample: 240701-h2wllasdjn
- MD5: 0abc92aa1ed1a37ee69430aad29db0cf
- SHA1: b643f7deb310534a498a2ab0d6e3003d32f1a531
- SHA256: bb7746771375e01fdcf8b68b46c17427c18a0df1db5b08e87c2739eed0fc1a02
- SHA512: da719082c32f6d41c5c918a341532f1d0aac1a1bcc4c1b50cbeca6ef48731b909f6c255650eeae45530cca782bdc5bcd453117f5475f9b081bfa524f8a6eccdd
- SSDEEP: 196608:/7PiafrD8T87vHkX4FOLnp7rhi1NeFI3Bnefve5747TxOFDhk:/7hri87f1Fu7liT3COGTxo+
Static task: static1
Behavioral task: behavioral1
Sample: nates macro.exe
Resource: win7-20240508-en
Malware Config
Extracted
xworm
5.0
amount-socket.gl.at.ply.gg:29643
CBOJbsqFCwukBOQm
install_file: USB.exe
Targets
Target: nates macro.exe
- Detect Xworm Payload
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.