Resubmissions

18-11-2024 15:42

241118-s5hh9avkdm 10

18-11-2024 15:39

241118-s3w9mazfmk 10

General

  • Target

    prueba.ps1

  • Size

    124B

  • Sample

    241118-s5hh9avkdm

  • MD5

    6542fcabb69f2e45e5abb6ef369d6b4b

  • SHA1

    a9e758873a6c57d87b7e3bf02cfc04be6959d59b

  • SHA256

    fd4dd13239fcd0e3171711951768b399b1b2210af3e6b4f7cc1c0a594bff7133

  • SHA512

    6f9a75d4e17909c0dea87683bec1286964b8b21db927650c72db8b33df37b07a16b84bd56db42a5055e20c1895821b541467812dc03d5cefb4a144cebb2afb26

Malware Config

Extracted

  • Language

    hta

  • Source

  • URLs

    hta.dropper: http://185.147.124.40/Capcha.html

Extracted

  • Language

    ps1

  • Source

    Deobfuscated

  • URLs

    ps1.dropper: http://185.147.124.40/x/8.png

Extracted

  • Family

    xworm

  • C2

    185.147.124.40:4404

  • Attributes

    install_file: USB.exe

Targets

    • Target

      prueba.ps1

    • Size

      124B

    • MD5

      6542fcabb69f2e45e5abb6ef369d6b4b

    • SHA1

      a9e758873a6c57d87b7e3bf02cfc04be6959d59b

    • SHA256

      fd4dd13239fcd0e3171711951768b399b1b2210af3e6b4f7cc1c0a594bff7133

    • SHA512

      6f9a75d4e17909c0dea87683bec1286964b8b21db927650c72db8b33df37b07a16b84bd56db42a5055e20c1895821b541467812dc03d5cefb4a144cebb2afb26

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks