General

  • Target

    FUD.vbs

  • Size

    49KB

  • Sample

    240719-pwk18svela

  • MD5

    d8a01840991ce4da750ce30c9e0de647

  • SHA1

    bf829740ca93fc40db6f220975d951d719b11400

  • SHA256

    705517a76c090d34f3f6308fb4e3dea39936c437f21bfab5b696dc5bf8cfbd1d

  • SHA512

    8cdb781205abf955ca5f3e1605d920b97854ab8ee87ed3453361efec7a0ae8266bab7ee750fd3b8b0308205ad8dfdbc6239f1e659d354d8cbb2c033ecfc7aa0e

  • SSDEEP

    1536:16BPHGlJlEoP8wA1diYccc1F15DcL1+Vv:16BPHGL2YAjc1VDcZ+Vv

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    components-resort.gl.at.ply.gg:9316

  • Mutex

    9iQ7G5OTbffVR8bL

  • Attributes

    Install_directory: %AppData%

    install_file: USB.exe

  • aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15