Extracted

• • Target

    PROCESO JUDICIAL N0° 003494 9494 - ACUSACIÓN JUDICIAL.bat

  • Size

    210KB

  • MD5

    24e3c5a8c5ce37efb76a08a124a2f525

  • SHA1

    1378fa68873d9ce2368aac281632ff5dab2f59d0

  • SHA256

    233bca3f0a5f3dbc98d3765ecc8631fd552366a78f052cc13c970b94a107e459

  • SHA512

    e9ae4a7948cefe01143e5646220f9b6d1c78b34db0ec4f2220d74daf8add209d5b55f76eb2fcf2b3d995cdeee957aebb3e0f9f736cced0ddba8ba249d18bcc62

  • SSDEEP

    6144:vZuSzJTZolPPaVOZwrXQJ5RV5RFVVjRbVbJlv8:B

  Score

  10^/10

  executionxwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Drops startup file

  behavioral1behavioral2