General

  • Target

    176.113.115_2.225.ps1

  • Size

    173KB

  • Sample

    250127-sbkfratnbw

  • MD5

    04f44b17c1a12764766a226f3d8fa711

  • SHA1

    74af32ea6f960c1e4f9d2b1cd72a1595a8b1b292

  • SHA256

    f18d64e796c6bb3a73657720d834a96f41bf20690cffd2603d52ef0097cce50e

  • SHA512

    a1f0547896f538114ec96ad60c51a08025482abc2ba6897a31981d2df2f09d18478488cb2cb740716fd6e47ca01594fe460e2bc1ba915efa59f63dc8e200479e

  • SSDEEP

    3072:ZcUKZ20H5qt7ABLmYOlba6c5GdOa7MQrq3v0ayW3sfc4xDAmMz/zlZVdtj0QIPXf:ZcB20H5qt7ABLmYOlba6c5GdOa7MQrqm

Malware Config

Extracted

Family

xworm

C2

176.113.115.225:4444

Attributes

  • install_file

    USB.exe

Targets

    • Target

      176.113.115_2.225.ps1

    • Size

      173KB

    • MD5

      04f44b17c1a12764766a226f3d8fa711

    • SHA1

      74af32ea6f960c1e4f9d2b1cd72a1595a8b1b292

    • SHA256

      f18d64e796c6bb3a73657720d834a96f41bf20690cffd2603d52ef0097cce50e

    • SHA512

      a1f0547896f538114ec96ad60c51a08025482abc2ba6897a31981d2df2f09d18478488cb2cb740716fd6e47ca01594fe460e2bc1ba915efa59f63dc8e200479e

    • SSDEEP

      3072:ZcUKZ20H5qt7ABLmYOlba6c5GdOa7MQrq3v0ayW3sfc4xDAmMz/zlZVdtj0QIPXf:ZcB20H5qt7ABLmYOlba6c5GdOa7MQrqm

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks