General

  • Target: 0aa75efa4d6847f998109301da50ff119187507f08b3119148b9db5844e7c703.ps1
  • Size: 12.0MB
  • Sample: 240428-beqy9scg8z
  • MD5: 8520b4800af18dc9288264498350c16d
  • SHA1: 3d3c2daf837a5faca7dbff7de7b12b6c7a066291
  • SHA256: 0aa75efa4d6847f998109301da50ff119187507f08b3119148b9db5844e7c703
  • SHA512: 9822c61c1c844915d6645d42319a5909bc1efb16966cad80bd153acbe02fdbdf76c546b9f341561358ab163c62a3160ad5b569efd7b976fbda502aba1378c405
  • SSDEEP: 24576:rSUMUHnRI2kiE/ef9E+N45KZ9EqWlmevbBel/Yvn0lFwuPiJ3/V8eRSLXs3z+DWv:2vXS+5kmoQTskvKSpd1iwV0jl5

Score: 10/10

Malware Config

Extracted

  • Family: xworm
  • Version: 5.0
  • C2: hjxwrm5.duckdns.org:8896
  • Mutex: MSmkrgH8xVI2Dczk
  • Attributes
    • install_file: USB.exe
  • aes.plain

Targets

    • Detect Xworm Payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Detects Windows executables referencing non-Windows User-Agents

MITRE ATT&CK Matrix

Tasks