Overview

overview

10

Static

static

1

URLScan

urlscan

https://teletype.in/...

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://teletype.in/@thread_type/IGorbHrQvQk

  • Sample

    241109-mgx15ssjay

Score
10/10
xwormdiscoveryexecutionphishingrattrojan

Malware Config

Extracted

Family

xworm

C2

146.190.110.91:3389

Attributes
  • Install_directory

    %AppData%

  • install_file

    smartscreen.exe

  • telegram

    https://api.telegram.org/bot7558158256:AAEHTwnKaP3Xe69dD2Vmm9pirMBLikK6uhw/sendMessage?chat_id=8071457805

Targets

    • Target

      https://teletype.in/@thread_type/IGorbHrQvQk

    Score
    10/10
    xwormdiscoveryexecutionphishingrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • A potential corporate email address has been identified in the URL: httpsteletype.in@threadtypeIGorbHrQvQk

      phishing

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks