Overview

overview

10

Static

static

1

fixer.bat

windows10-ltsc 2021-x64

10

Resubmissions

01-12-2024 17:49

241201-wd91zaskbr 10

01-12-2024 17:46

241201-wcqkyaxmaw 10

01-12-2024 17:37

241201-v7ftjsxlcv 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fixer.bat

  • Size

    259KB

  • Sample

    241201-wd91zaskbr

  • MD5

    63f3ebe3fe598479517c1843d1f05944

  • SHA1

    4aaeed78293c47805595957cc3fa71d5fdd07d15

  • SHA256

    48b14d5f105efa0097cc24de8bbf0c334da58906addc06a9a42fe8274d8759e2

  • SHA512

    12d5f9c569812a7cef6838c64414757689ee811aecfbc21465b36c0bcecb755b8d75a5f5663bbc5e7d102532ed64cc788b370a00464869044e8576699d0b1e7b

  • SSDEEP

    6144:SIujxg7ViKrBi4Jya9IlvpPxmbkdtEGQQ9ZGeRFBc81tx4Z:m8VTrBiuEpYI3EQzJRFB5GZ

Score
10/10
xwormexecutionrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

cheflilou-43810.portmap.host:43810

Mutex

q2m91QtHDnjEQolK

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Targets

    • Target

      fixer.bat

    • Size

      259KB

    • MD5

      63f3ebe3fe598479517c1843d1f05944

    • SHA1

      4aaeed78293c47805595957cc3fa71d5fdd07d15

    • SHA256

      48b14d5f105efa0097cc24de8bbf0c334da58906addc06a9a42fe8274d8759e2

    • SHA512

      12d5f9c569812a7cef6838c64414757689ee811aecfbc21465b36c0bcecb755b8d75a5f5663bbc5e7d102532ed64cc788b370a00464869044e8576699d0b1e7b

    • SSDEEP

      6144:SIujxg7ViKrBi4Jya9IlvpPxmbkdtEGQQ9ZGeRFBc81tx4Z:m8VTrBiuEpYI3EQzJRFB5GZ

    Score
    10/10
    xwormexecutionrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks