Overview

overview

10

Static

static

1

dcdd4e4fe6...b6.ps1

windows7-x64

3

dcdd4e4fe6...b6.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dcdd4e4fe6d9753c3a126b7a6e5580f842f64a6ff9cbddc0b4d108fb50cb02b6.ps1

  • Size

    195KB

  • Sample

    250119-fl62aaxlhn

  • MD5

    b8fd1dea2f1bb4cee3fa500d489124e3

  • SHA1

    60f95b4a76ca8e8168df95545c196761d809d0ae

  • SHA256

    dcdd4e4fe6d9753c3a126b7a6e5580f842f64a6ff9cbddc0b4d108fb50cb02b6

  • SHA512

    f0a622b5e8147880a44fda150a1bcbaff7b5a3256b72ee4b0e342ffbf845cc1e206c51253d9d6f3cc8b9f667c3f9a733ac15ae231896fe85ff36432d9b57ebde

  • SSDEEP

    6144:T3NC3EKsyh4ciFTdTM2JiW0tDCfQHsQIOGL81wk5q+l5QhYUSX1AcbdxXSFciQUH:TLKOSs

Score
10/10
xwormdiscoveryexecutionrattrojan

Malware Config

Extracted

Family

xworm

C2

176.113.115.170:4413

Attributes
  • install_file

    USB.exe

Targets

    • Target

      dcdd4e4fe6d9753c3a126b7a6e5580f842f64a6ff9cbddc0b4d108fb50cb02b6.ps1

    • Size

      195KB

    • MD5

      b8fd1dea2f1bb4cee3fa500d489124e3

    • SHA1

      60f95b4a76ca8e8168df95545c196761d809d0ae

    • SHA256

      dcdd4e4fe6d9753c3a126b7a6e5580f842f64a6ff9cbddc0b4d108fb50cb02b6

    • SHA512

      f0a622b5e8147880a44fda150a1bcbaff7b5a3256b72ee4b0e342ffbf845cc1e206c51253d9d6f3cc8b9f667c3f9a733ac15ae231896fe85ff36432d9b57ebde

    • SSDEEP

      6144:T3NC3EKsyh4ciFTdTM2JiW0tDCfQHsQIOGL81wk5q+l5QhYUSX1AcbdxXSFciQUH:TLKOSs

    Score
    10/10
    executionxwormdiscoveryrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks