General

  • Target

    88934a2051ecc62af7d1c383c7c30876.zip

  • Size

    6KB

  • Sample

    241203-arm8gazqfy

  • MD5

    88934a2051ecc62af7d1c383c7c30876

  • SHA1

    2402f7d25de4f99833d1be52d49b5071328f880e

  • SHA256

    2784394efb434796b6764cd247ced2196ee0248e8fc8506b2a0bb94e657476ad

  • SHA512

    706409afda169e1ae6347f37232b651d135bb905b834d55fbd1032e12793c2d97529c884e2d8f65159dbb5925de7688ea427b823236cd7b5c3773c404b3cb98b

  • SSDEEP

    192:INnKbjNnKME8se1+gJCTved0eLbbLtJjaagChJ:IoB8Y5Dd0eLbb9g6

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    87.120.116.179:1300

  • Mutex

    B48go7npq3kwDYCH

  • Attributes

    • install_file

      USB.exe

    • aes.plain

Targets

    • Target

      Transacción Aprobada - CUS 1084694334 diciembre 2 de 2024.bat

    • Size

      47KB

    • MD5

      65d8a93edb5aeb9fc34964dea9f98602

    • SHA1

      76581dbf1984576d325e108c585cd7fbd0b09006

    • SHA256

      8c47e2ff28df3de6fa35509c4c3be6069e1a99fedea3d6992f61c53d49b248a7

    • SHA512

      9105a7e781eeea5db245a72b86606a2d681a9eefc0e23c1da3053ee1b61635320a5c1e1f53ca56296f5844cacc736de100cc65930c85ee4f07b8546225418b47

    • SSDEEP

      768:aoc6FkLLiNhoc6FkLLiNIoc6FkLLiN9oc6FkLLiNRoc6FkLLiNPc1aa5oc6FkLLx:aopF4ONhopF4ONIopF4ON9opF4ONRop6

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks