Overview

overview

10

Static

static

1

45.ps1

windows7-x64

3

45.ps1

windows10-2004-x64

10

45.ps1

windows10-ltsc 2021-x64

10

45.ps1

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45.ps1

  • Size

    196KB

  • Sample

    250116-vrxgcszqfw

  • MD5

    042542aec94432fc2cafe9a239144312

  • SHA1

    95d08386158d36b86873ea14b645ce047f56d9d7

  • SHA256

    658c7753e7dce4eb144263de241ac56f14eba3bd92cd6def3a073d685de484e0

  • SHA512

    fe62a3e661671b3d9ba0a913d3f1b8f4d4460636e990112a9aa1639dd31f145afb20365c185a18ae4eeb274e96aa5f4c5903617cb7e942fd0f0db842932ef9d4

  • SSDEEP

    6144:72s1zAOok9Y3sOGnuerPkwo67g3Lk7pyFV50GuGdtqphBddqyIFr2JdyPrnxiNH2:7l1fO35

Score
10/10
xwormdiscoveryexecutionrattrojan

Malware Config

Extracted

Family

xworm

C2

85.209.11.15:4404

Attributes
  • install_file

    USB.exe

Targets

    • Target

      45.ps1

    • Size

      196KB

    • MD5

      042542aec94432fc2cafe9a239144312

    • SHA1

      95d08386158d36b86873ea14b645ce047f56d9d7

    • SHA256

      658c7753e7dce4eb144263de241ac56f14eba3bd92cd6def3a073d685de484e0

    • SHA512

      fe62a3e661671b3d9ba0a913d3f1b8f4d4460636e990112a9aa1639dd31f145afb20365c185a18ae4eeb274e96aa5f4c5903617cb7e942fd0f0db842932ef9d4

    • SSDEEP

      6144:72s1zAOok9Y3sOGnuerPkwo67g3Lk7pyFV50GuGdtqphBddqyIFr2JdyPrnxiNH2:7l1fO35

    Score
    10/10
    executionxwormdiscoveryrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks