Overview

overview

10

Static

static

1

b.ps1

windows7-x64

3

b.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b.ps1

  • Size

    165KB

  • Sample

    250125-lgm1hawrew

  • MD5

    482ece68e9b421f4ee1fd93123ec3d54

  • SHA1

    bfff81451cec255b6f31b0b5b0f1c38d0c1ef807

  • SHA256

    a245dc0d34568bb31a62d55ff3d1c5431ac28bb1c831f2ad19507220d253776c

  • SHA512

    8d9c5e6152c0ad6c4f247925c4594a2ea5bd0876a43f5c4a0fefbab615ead636c3d434a3f4c757a3eda2f54a7a7782614e98043553a578669a213c03b7fdfefe

  • SSDEEP

    3072:ZcUKZ20H5qt7ABLmYOlba6c5GdOa7MQrq3v0ayW3sfc4xDAmMz/zlZVdtj0QPvBH:ZcB20H5qt7ABLmYOlba6c5GdOa7MQrqJ

Score
10/10
xwormdiscoveryexecutionrattrojan

Malware Config

Extracted

Family

xworm

C2

92.255.57.155:4411

Attributes
  • install_file

    USB.exe

Targets

    • Target

      b.ps1

    • Size

      165KB

    • MD5

      482ece68e9b421f4ee1fd93123ec3d54

    • SHA1

      bfff81451cec255b6f31b0b5b0f1c38d0c1ef807

    • SHA256

      a245dc0d34568bb31a62d55ff3d1c5431ac28bb1c831f2ad19507220d253776c

    • SHA512

      8d9c5e6152c0ad6c4f247925c4594a2ea5bd0876a43f5c4a0fefbab615ead636c3d434a3f4c757a3eda2f54a7a7782614e98043553a578669a213c03b7fdfefe

    • SSDEEP

      3072:ZcUKZ20H5qt7ABLmYOlba6c5GdOa7MQrq3v0ayW3sfc4xDAmMz/zlZVdtj0QPvBH:ZcB20H5qt7ABLmYOlba6c5GdOa7MQrqJ

    Score
    10/10
    executionxwormdiscoveryrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks