Extracted

• • Target

    Confirmation copy for EFT#_20250228_BOA_NY_E-SWFT050AX52951MX-US.bat

  • Size

    62KB

  • MD5

    4e49fd9891d84a4dff53559ce3fb1e4c

  • SHA1

    6b44eb8513213887a7cf7a21a2ef75472fb32bcf

  • SHA256

    6036593430cc74f68abc87c13469083968dc94f011d12c50c845c1a44751e409

  • SHA512

    feced2549a5da4ab69077b37a9cbf88824edc010cd8163025556c8c0c810b7599c1f982556bc613fa1cceee6467f2d89ad72ae467346546e4f848a4b62db2626

  • SSDEEP

    1536:5ImZkbmEKUgXEXzICKUnFCtb4+tD3Ezpaljp228c+:5I3Hfctb4UD3EzpVBc+

  Score

  10^/10

  executionxwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Drops startup file

  behavioral1behavioral2