General
-
Target
2024-07-01_4cbd2f5201ad48eee23285fa5bd1b0db_hiddentear
-
Size
162KB
-
Sample
240701-hmx6wasanl
-
MD5
4cbd2f5201ad48eee23285fa5bd1b0db
-
SHA1
36b9840c9bc6a1f5355765274fed589a453822f8
-
SHA256
e9a7cd4800b26c3a79f0595ee797afdaa43d39307cc203a555e3265365977347
-
SHA512
a96ed9090b45ca891e1e8c189c5d21e3ed8ed2705c1f07e16126d3df1acbe76bfb65a7a9710d8d31c354d9205478f6d5897161918f15cc5c58710324b5ea6627
-
SSDEEP
3072:ST2oLp7ZAZb1O28wROqcAM+lmsolAIrRuw+mqv9j1MWLQI:UxgbDCT+lDAA
Behavioral task
behavioral1
Sample
2024-07-01_4cbd2f5201ad48eee23285fa5bd1b0db_hiddentear.exe
Resource
win7-20240611-en
Malware Config
Extracted
xworm
3.1
172.94.32.98:7600
-
Install_directory
%AppData%
-
install_file
USB.exe
Targets
-
Detect Xworm Payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-