Extracted

Extracted

• • Target

    185.7.214_1.211.ps1

  • Size

    748B

  • MD5

    e82a3ff48366e1f36544a3da3cabc703

  • SHA1

    84796eb3285b20787b8b17765e73b7180b4931d0

  • SHA256

    4a6a052cca2e26577c7e07e513a33ae7f147bfdcbbed22e3ad6ee36d4c66850e

  • SHA512

    87fe6cf2aa4925e39274a7279b2349ff8aeebcd68c73a6561d3d456960b9bca8b5c0722aa0c2712804c4538793f4c1cce9ff3be3904bbd891599979e963d6173

  Score

  10^/10

  executionxwormdiscoveryrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2