Overview

overview

10

Static

static

1

Skib on sigma.bat

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Skib on sigma.bat

  • Size

    293KB

  • Sample

    241109-vpfe3ayekn

  • MD5

    23c9458762dbe5435b6db4cc7e54a34b

  • SHA1

    cfcf4d5deb44aebe344b723eeea024d76ef80793

  • SHA256

    2a95e5bad57e737a8a8ef09518d691ca15d29662dcd2a6c5280dafecc9698ac6

  • SHA512

    9184f29327d7da75b31aee6108fc2ab8e4828e5684ac9ad0ecc0aa80fe0e49514f177b513202d5d0269f2c4c44d19dbca5425e4642c3246ffa1a8fe6cc5f77c2

  • SSDEEP

    6144:/xjI8Qgs9ZH+QHefkqFnaXzWHZpIt36OspPqiPIGFY1pz0fcBj89:5jPrsD+QHCkyaXK3dOYP2G2nAUBo9

Score
10/10
xwormexecutionpersistencerattrojan

Malware Config

Extracted

Family

xworm

C2

149.40.62.55:60447

Attributes
  • Install_directory

    %AppData%

  • install_file

    System User.exe

Targets

    • Target

      Skib on sigma.bat

    • Size

      293KB

    • MD5

      23c9458762dbe5435b6db4cc7e54a34b

    • SHA1

      cfcf4d5deb44aebe344b723eeea024d76ef80793

    • SHA256

      2a95e5bad57e737a8a8ef09518d691ca15d29662dcd2a6c5280dafecc9698ac6

    • SHA512

      9184f29327d7da75b31aee6108fc2ab8e4828e5684ac9ad0ecc0aa80fe0e49514f177b513202d5d0269f2c4c44d19dbca5425e4642c3246ffa1a8fe6cc5f77c2

    • SSDEEP

      6144:/xjI8Qgs9ZH+QHefkqFnaXzWHZpIt36OspPqiPIGFY1pz0fcBj89:5jPrsD+QHCkyaXK3dOYP2G2nAUBo9

    Score
    10/10
    xwormexecutionpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks