General

  • Target

    fixer.bat

  • Size

    90KB

  • Sample

    240714-rd43hawbkc

  • MD5

    8ef5dfef9a17f6dc62a289f2d6dd2f52

  • SHA1

    ca70071f9a8bcdac6dac1f55cddefc8ea8f5450e

  • SHA256

    390c645e1dbd876915483c96ef92493c31189279f3a9f4d09006c3ee41b72259

  • SHA512

    a47b020fbb962a3a32d2f3027612dce6bbab2bdca5a3b377a99a751d949966077f07c5deefd1ccaca0fb3a429bfe1fa7445636a0389592e7a7fc704486168f77

  • SSDEEP

    1536:qejn4dW7T6lKW4yCuoD1q+Ajd9dpkmMI3oIdMwwtuCUA3NSzasKMAtvdL:qJ86lKoCuoDO/dpkmHoIe8W9QxKMw

Malware Config

Extracted

Family

xworm

C2

plans-label.gl.at.ply.gg:14233

Attributes

  • Install_directory

    %Public%

  • install_file

    Runtime Broker.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

MITRE ATT&CK Enterprise v15

Tasks