General

  • Target

    my men.bat

  • Size

    337KB

  • Sample

    240327-2df1sagc3t

  • MD5

    7f64d778dcb01f53a2fb1ad9e88c7833

  • SHA1

    b776570b989237988fcfdf07c57122a90a4df13a

  • SHA256

    0bb975d3f962e67b05877d4de8f0c49eca86992c0d38890148ec78d01a7d4d91

  • SHA512

    667fdd15ed509ed580466b2b4b629c0a94cc7a9d2d37f3d0a0b844f8284be1923cd8b57ca69a92f67b81e8e28d6e74367259f72e554b2e9148ad310435d8e655

  • SSDEEP

    6144:pO9RfQQb7q7TqZnbOLYILURiZulrrQ5dxStevxP593o04M3Bwv3+XEKGVs7Pd08Q:pOjQ2q7TqpbOLYILURiZulrrQ5dxSte+

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:36301

character-acquisitions.gl.at.ply.gg:36301

Attributes

  • Install_directory

    %ProgramData%

  • install_file

    Hoodbyunlock.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15