Extracted

• • Target

    JoresSpoofer.bat

  • Size

    288KB

  • MD5

    0d54ebc1a6e4ebe7d65b969c4024ed1e

  • SHA1

    d790848a4fb6566f261336c792d3dc52231b6893

  • SHA256

    3e9360777427b09db15faafc2cd5171b403461b445a932ee5e88d55b8342f876

  • SHA512

    8ac84b09ba0f134a0575940877a2bea840c313ac2cdc048ffa2e1f64e9ea50aa59fe741f5b44ec1731ea4df7f17dd0a8f71c92ae305fc65893b81196e9293580

  • SSDEEP

    6144:eAxGUqNRfHDHpulKyACuprcyfVsG3GNvMr+MjICSjQp:eAxRIf1W6CupwyfSueBK

  Score

  10^/10

  xwormexecutionpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1