Overview

overview

10

Static

static

1

Loader.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loader.bat

  • Size

    289KB

  • Sample

    240429-3q5qcaed41

  • MD5

    15a31e6b43cde7114b2205ce0a38123a

  • SHA1

    1fccd0820d54edb0e8d0f532e8ffd1c024f234d4

  • SHA256

    4570f682c283ce929e8e43642522440b9b874ea605cb2e14b53ec4296631e090

  • SHA512

    af8b38caa5c62b83f8060af340a27b3c2285f5e8d21cc6868c5289575bd4e5b6c1ff9aed888293d1cbf87011ba82d2a5ced0ff27b3c296cdabcc4b333e9453e5

  • SSDEEP

    6144:E9qvCM2ntB9heJgUPXRNzufWQBxm8VaKC/w91wskhkIp26QuI6ZBEu6:zInFheJxzzpeCo9uhkWD26Uj

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

C2

looking-memphis.gl.at.ply.gg:45119

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    winhelper.exe

Targets

    • Target

      Loader.bat

    • Size

      289KB

    • MD5

      15a31e6b43cde7114b2205ce0a38123a

    • SHA1

      1fccd0820d54edb0e8d0f532e8ffd1c024f234d4

    • SHA256

      4570f682c283ce929e8e43642522440b9b874ea605cb2e14b53ec4296631e090

    • SHA512

      af8b38caa5c62b83f8060af340a27b3c2285f5e8d21cc6868c5289575bd4e5b6c1ff9aed888293d1cbf87011ba82d2a5ced0ff27b3c296cdabcc4b333e9453e5

    • SSDEEP

      6144:E9qvCM2ntB9heJgUPXRNzufWQBxm8VaKC/w91wskhkIp26QuI6ZBEu6:zInFheJxzzpeCo9uhkWD26Uj

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks