Overview

overview

10

Static

static

1

fedora.bat

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fedora.bat

  • Size

    115KB

  • Sample

    250302-ypfydas1cx

  • MD5

    a291659c73e487039ba0d4ed584d2335

  • SHA1

    10b534a148cd151d32bf41fb8674acd5bc98493e

  • SHA256

    3c482d9f9ba4f4a1ab37d3a0016763eaef87f5e51e259ee92d11e619026531c3

  • SHA512

    797c0ab0dc2cf5a5f9012f1426f7766ff7ccf83c287b840254fb7b453d3a79b8cb6d59228cf6ec382cfc4ac6b069714f391efd57008b481a6d247f7da6d09c35

  • SSDEEP

    3072:4YIEoF2PKuQNG88yD/HSkLhKAYzT6CN512EN2ENuN56E5NC6EEuQ6vgo:BIEUAKuL8jNFziT6CN512EN2ENuN56ES

Score
10/10
xwormdiscoveryexecutionrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

45.154.98.138:5939

Mutex

iVJRN7HmpQeCP6EU

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      fedora.bat

    • Size

      115KB

    • MD5

      a291659c73e487039ba0d4ed584d2335

    • SHA1

      10b534a148cd151d32bf41fb8674acd5bc98493e

    • SHA256

      3c482d9f9ba4f4a1ab37d3a0016763eaef87f5e51e259ee92d11e619026531c3

    • SHA512

      797c0ab0dc2cf5a5f9012f1426f7766ff7ccf83c287b840254fb7b453d3a79b8cb6d59228cf6ec382cfc4ac6b069714f391efd57008b481a6d247f7da6d09c35

    • SSDEEP

      3072:4YIEoF2PKuQNG88yD/HSkLhKAYzT6CN512EN2ENuN56E5NC6EEuQ6vgo:BIEUAKuL8jNFziT6CN512EN2ENuN56ES

    Score
    10/10
    xwormdiscoveryexecutionrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks