General

  • Target

    5da5be9222d4c2eea3c8488142967635.zip

  • Size

    5KB

  • Sample

    241203-apf2dawnbm

  • MD5

    5da5be9222d4c2eea3c8488142967635

  • SHA1

    81b969bb7b2c1977dc65c6876e7378f0a5878c98

  • SHA256

    4029b281ff0ccee03091490a857956f6e71068ab4d60915ccef9c3e1cb4de4e3

  • SHA512

    eaf2b2663dff52b398a2bed80a568acca8bcd45920d2452cbf6ad1ca8990600d0422bead5331029d133e08bb4eccd286013ce86d52e2cc3cca488080e815c4e0

  • SSDEEP

    96:I1v27m1Z+HfytUNLs8CT4FQSFukRYSJNJ/uWHob49jGNG0QJog/uN:I1v27mrKRNP04kkd8XqL0QJog/U

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

B48go7npq3kwDYCH

Attributes

  • install_file

    USB.exe

aes.plain

Targets

    • Target

      RESUMEN TRANSACCIONAL NO 987657456798786765476890.bat

    • Size

      47KB

    • MD5

      65d8a93edb5aeb9fc34964dea9f98602

    • SHA1

      76581dbf1984576d325e108c585cd7fbd0b09006

    • SHA256

      8c47e2ff28df3de6fa35509c4c3be6069e1a99fedea3d6992f61c53d49b248a7

    • SHA512

      9105a7e781eeea5db245a72b86606a2d681a9eefc0e23c1da3053ee1b61635320a5c1e1f53ca56296f5844cacc736de100cc65930c85ee4f07b8546225418b47

    • SSDEEP

      768:aoc6FkLLiNhoc6FkLLiNIoc6FkLLiN9oc6FkLLiNRoc6FkLLiNPc1aa5oc6FkLLx:aopF4ONhopF4ONIopF4ON9opF4ONRop6

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks