Overview

overview

10

Static

static

1

Destiny Lo...ed.bat

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Destiny Loader Cracked.bat

  • Size

    327KB

  • Sample

    250303-x39xyawwfy

  • MD5

    d0eef460c098ddfab73bffe09b5576f1

  • SHA1

    72a9d083d85037abf060c027ceb2f4c7d83b8d42

  • SHA256

    94bf91b3fb8d81ca10883351d514dd89c9f953771ec90a2c3571e586c0ece07a

  • SHA512

    eaf4b8a20787685ac516f8c8fa27052df7e8100180cdbb16fdbc1dcdc33ede7623ed1ce1abbd24146bc2dc63c4e55fb36957dc731b005d71fd781e1a1b72e8d3

  • SSDEEP

    6144:fS/P9VWTPTlLWWUY+GVH0I2mjYTNZTNSq78e89aOki5M:YP/2PTlLVUI2mMTTn8e89Ii5M

Score
10/10
xwormdiscoveryexecutionrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

ciad4zftx.localto.net:6536

Mutex

fz5G9hEIprTL3zDO

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    System.exe

aes.plain

Targets

    • Target

      Destiny Loader Cracked.bat

    • Size

      327KB

    • MD5

      d0eef460c098ddfab73bffe09b5576f1

    • SHA1

      72a9d083d85037abf060c027ceb2f4c7d83b8d42

    • SHA256

      94bf91b3fb8d81ca10883351d514dd89c9f953771ec90a2c3571e586c0ece07a

    • SHA512

      eaf4b8a20787685ac516f8c8fa27052df7e8100180cdbb16fdbc1dcdc33ede7623ed1ce1abbd24146bc2dc63c4e55fb36957dc731b005d71fd781e1a1b72e8d3

    • SSDEEP

      6144:fS/P9VWTPTlLWWUY+GVH0I2mjYTNZTNSq78e89aOki5M:YP/2PTlLVUI2mMTTn8e89Ii5M

    Score
    10/10
    xwormdiscoveryexecutionrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks