General

  • Target

    help.cmd

  • Size

    270KB

  • Sample

    240905-peczaszhkn

  • MD5

    d966ebfeb33c0a4af5bc6e32d49de38b

  • SHA1

    1e80bc28fb251c7f58785f14c896562001c9e3c8

  • SHA256

    b40b871839c47e627c4287c2cce13c68172cdee3b7db8c44076ff8f921aec89c

  • SHA512

    f9cce5b6a5ec1f68c78d69de287fe3e82b6edc8acfbb811d9f1529ee1cf9c252b73e2a0f2008104a1e9e02d973ae6538c26cf99e5a4621212dfa4535c92009f8

  • SSDEEP

    6144:aKzAiQq0roRLcd61eB9sHHUR/gHbY7f3tPeVVICyK:aKzA1quecd61eB9MYk8vIV2K

Malware Config

Extracted

Family

xworm

Version

5.0

C2

comeback.ddnsgeek.com:115

Mutex

jcIHHbP6D1wC2QQM

Attributes
  • install_file

    USB.exe

  • aes.plain

Targets

    • Target

      help.cmd

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell was launched with its window hidden (for example -WindowStyle Hidden), a common way to keep script execution out of the user's view.

    • Drops file in System32 directory
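A practitioner reading this report will usually want to turn the extracted config (C2 host and port, mutex, install file name, SHA256) and the behavioural signatures (hidden-window PowerShell, file dropped under System32, network request) into a hunt over endpoint telemetry. The following is an added example and is not part of the sandbox report or of any vendor tooling. The log records are constructed, Sysmon-style key=value lines; the field names, the dropped file name `dropped.dat`, and the drop location of `USB.exe` are placeholders that the report does not state. Only the indicator values themselves come from the report.

```python
"""Hunt the XWorm indicators from this report across constructed log lines.

Added example, not part of the sandbox report. Records are constructed in a
Sysmon-like 'key=value key="quoted value"' shape; field names are assumptions.
"""
import re

# Indicators taken from the report above.
IOC_SHA256 = "b40b871839c47e627c4287c2cce13c68172cdee3b7db8c44076ff8f921aec89c"
IOC_C2_HOST = "comeback.ddnsgeek.com"
IOC_C2_PORT = "115"
IOC_MUTEX = "jcIHHbP6D1wC2QQM"          # no mutex event in these logs; kept for string/memory matching
IOC_INSTALL_FILE = "USB.exe"
IOC_STRINGS = {IOC_SHA256, IOC_C2_HOST, IOC_MUTEX, IOC_INSTALL_FILE}

# Loose match for powershell/pwsh launched with a hidden window. powershell.exe
# accepts unambiguous prefixes of -WindowStyle (-w, -win, ...) and of Hidden.
HIDDEN_PS = re.compile(
    r"\b(?:powershell|pwsh)(?:\.exe)?\b.*-w[indowstyle]*\s+h(?:idden)?\b",
    re.IGNORECASE,
)

FIELD = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line):
    """Split a 'key=value key="quoted value"' record into a dict."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in FIELD.finditer(line)}


def hunt(lines):
    """Return (rule, event_index) pairs for every event matching an IOC or behaviour."""
    hits = []
    for i, line in enumerate(lines):
        ev = parse_event(line)
        values = " ".join(ev.values()).lower()
        # Atomic indicators from the extracted config: hash, C2 host, mutex, install file.
        for ioc in sorted(IOC_STRINGS):
            if ioc.lower() in values:
                hits.append((f"ioc:{ioc}", i))
        # Behaviour from the report: PowerShell run with a hidden window.
        if ev.get("EventID") == "1" and HIDDEN_PS.search(ev.get("CommandLine", "")):
            hits.append(("powershell_hidden_window", i))
        # Behaviour from the report: file dropped in the System32 directory.
        target = ev.get("TargetFilename", "").lower()
        if ev.get("EventID") == "11" and target.startswith("c:\\windows\\system32\\"):
            hits.append(("drops_file_system32", i))
        # Network: connection to the configured C2 host:port.
        if (ev.get("EventID") == "3" and ev.get("DestinationPort") == IOC_C2_PORT
                and ev.get("DestinationHostname", "").lower() == IOC_C2_HOST):
            hits.append(("c2_connection", i))
    return hits


# Constructed sample telemetry (not real logs). Paths and file names other than
# the report's own indicators are placeholders.
SAMPLE_EVENTS = [
    'EventID=15 Image=C:\\Program Files\\Browser\\browser.exe '
    'TargetFilename=C:\\Users\\victim\\Downloads\\help.cmd '
    'Hash=SHA256=b40b871839c47e627c4287c2cce13c68172cdee3b7db8c44076ff8f921aec89c',
    'EventID=1 Image=C:\\Windows\\System32\\cmd.exe CommandLine="cmd.exe /c help.cmd"',
    'EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell.exe -NoP -W Hidden -ep bypass -c Start-Sleep 1" '
    'ParentImage=C:\\Windows\\System32\\cmd.exe',
    'EventID=11 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'TargetFilename=C:\\Windows\\System32\\dropped.dat',
    'EventID=11 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'TargetFilename=C:\\Users\\victim\\AppData\\Roaming\\USB.exe',
    'EventID=22 Image=C:\\Users\\victim\\AppData\\Roaming\\USB.exe QueryName=comeback.ddnsgeek.com',
    'EventID=3 Image=C:\\Users\\victim\\AppData\\Roaming\\USB.exe '
    'DestinationHostname=comeback.ddnsgeek.com DestinationPort=115',
    'EventID=1 Image=C:\\Windows\\System32\\notepad.exe CommandLine="notepad.exe notes.txt"',
    'EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell.exe -NoProfile -Command Get-Process"',
]

if __name__ == "__main__":
    for rule, idx in hunt(SAMPLE_EVENTS):
        print(f"{rule:40s} event[{idx}]")
```

The atomic string matches are the cheap, high-confidence part; the hidden-window PowerShell rule is the one that needs tuning in a real environment, since administrative scripts also use `-WindowStyle Hidden`. Pair it with the parent process (here `cmd.exe` running a `.cmd` from a user download directory) before treating a hit as malicious.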

MITRE ATT&CK Enterprise v15

Tasks