General

  • Target

    2.bat

  • Size

    272KB

  • Sample

    240127-xkap5ahhh5

  • MD5

    b6c958bc875379f7eb6b3325146ea119

  • SHA1

    7c39660981558777553f3a2413b5e6e581e0120d

  • SHA256

    e5dac6f6d2ab4c479c5c3e91064f335de141c8399bd93f8267e13f134c578c0f

  • SHA512

    097847cc7eb5d105b8164f343034ddf05c6e2d2507cceb662d5691084b55ab806e911e53ac883a43eb471d47bb18771f3ef0bb4b2c420b5ced4575adf0871fed

  • SSDEEP

    6144:y9vq2ZtznY7vt0oUcnQyYdZuuyn4GWkSEiavfyNIOv023tri/3+4Cp:QvhZpY7vyVcnAewSigy+2o+4g

Score
10/10

Malware Config

Extracted

Family

xworm

Version

2.2

C2

65.1.224.214:7000

Mutex

4zspTGvmRIiXLbzW

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      2.bat

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Executes dropped EXE

    • Loads dropped DLL
