General
-
Target
info.cmd
-
Size
80KB
-
Sample
240523-t17s1shb6v
-
MD5
43f3ee9c714203eeccd5503d17a36105
-
SHA1
d554becc96c1296d948382fd2ea8c1a1ad0184c8
-
SHA256
c153c05ebbf7db866984c1b21da5bfebbaedcfa5fce0cecb09a50377e0503a53
-
SHA512
f54a1bc1772bd6c6651dc2df50fa2cfca70c7bd8b89307d66e3a290aa881c7cda5176ead1b00566f54d729e68cbd57832d02580664da9a361ee1db95b5ac296d
-
SSDEEP
1536:UlFEtm9P8DRSi0ga9pZ8nS0JdX48PiZ5LU/8ZeMhRY6NP/gLl+uC:UlgROg6N0x6ZxUEXRYA/8lE
Malware Config
Extracted
xworm
3.1
newremisco2905.duckdns.org:2905
0h9jcqiqjT5SnJcR
-
install_file
USB.exe
Targets
-
-
Target
info.cmd
-
Size
80KB
-
MD5
43f3ee9c714203eeccd5503d17a36105
-
SHA1
d554becc96c1296d948382fd2ea8c1a1ad0184c8
-
SHA256
c153c05ebbf7db866984c1b21da5bfebbaedcfa5fce0cecb09a50377e0503a53
-
SHA512
f54a1bc1772bd6c6651dc2df50fa2cfca70c7bd8b89307d66e3a290aa881c7cda5176ead1b00566f54d729e68cbd57832d02580664da9a361ee1db95b5ac296d
-
SSDEEP
1536:UlFEtm9P8DRSi0ga9pZ8nS0JdX48PiZ5LU/8ZeMhRY6NP/gLl+uC:UlgROg6N0x6ZxUEXRYA/8lE
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-