xworm | b4dd3e93356329c076c0d2cd5ac30a806daf46006bdb81199355952e9d949424 | Triage

Resubmissions

03-02-2023 19:04

230203-xq7xtada31 10

03-02-2023 18:51

230203-xhzw8sce2z 10

Sharing

General

Target

gh.ps1
Size

3.0MB
Sample

230203-xq7xtada31
MD5

bd5d0e34444ce843ceaf89e3d043689b
SHA1

48ca53702e02f4e3e1c5a3af765909dd3496ccde
SHA256

b4dd3e93356329c076c0d2cd5ac30a806daf46006bdb81199355952e9d949424
SHA512

9ff668ca794d4759132e893b6b31883ceefd0698e7b165427af8e62ca24bf7a75c3cc45758a3f1c9982370d4d37518d1e012c78a9bb2e007040c97677eeeb91d
SSDEEP

49152:zY1wOeTfeinwRg0Yd0YtWdR2++BqkPiblNmBZOqsHtL3rdyW6JKHINYMpnkq/3+k:R

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

C2

147.185.221.223:30420

Mutex

gnN7BZB0mS3RfWcg

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  gh.ps1
- Size
  
  3.0MB
- MD5
  
  bd5d0e34444ce843ceaf89e3d043689b
- SHA1
  
  48ca53702e02f4e3e1c5a3af765909dd3496ccde
- SHA256
  
  b4dd3e93356329c076c0d2cd5ac30a806daf46006bdb81199355952e9d949424
- SHA512
  
  9ff668ca794d4759132e893b6b31883ceefd0698e7b165427af8e62ca24bf7a75c3cc45758a3f1c9982370d4d37518d1e012c78a9bb2e007040c97677eeeb91d
- SSDEEP
  
  49152:zY1wOeTfeinwRg0Yd0YtWdR2++BqkPiblNmBZOqsHtL3rdyW6JKHINYMpnkq/3+k:R
Score

10^/10

xworm rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2