Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://docs.google....

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://docs.google.com/uc?export=download&id=13_WhiO-o0MBi5Z2LKYDV40Qh_04jhxzN

  • Sample

    250120-q9extasmdw

Score
10/10
xwormdiscoveryexecutionrattrojan

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://ia600805.us.archive.org/10/items/new_image_202501/new_image.jpg%20
exe.dropper

https://ia600805.us.archive.org/10/items/new_image_202501/new_image.jpg%20

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

iBTnpYLbdYOMKoW3

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      https://docs.google.com/uc?export=download&id=13_WhiO-o0MBi5Z2LKYDV40Qh_04jhxzN

    Score
    10/10
    xwormdiscoveryexecutionrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks