Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://bitbucket.or...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://bitbucket.org/vasoyeti/compu/downloads/No_00014052024_COBRO_JUR%C3%8DDICO_VIGENTE_FECHA_5_DE_DICIEMBRE_DE_2024.tar

  • Sample

    250120-p6grkazpam

Score
10/10
xwormdiscoverypersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

3K4hxUJ98OMO2ygA

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      https://bitbucket.org/vasoyeti/compu/downloads/No_00014052024_COBRO_JUR%C3%8DDICO_VIGENTE_FECHA_5_DE_DICIEMBRE_DE_2024.tar

    Score
    10/10
    xwormdiscoverypersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks