Extracted

• • Target

    file

  • Size

    7KB

  • MD5

    cb37a07989c743fff42af9d822533933

  • SHA1

    3bca2e7d9ecb4ab0f4c3ec3a75a80b7d6041bd43

  • SHA256

    e6e9207db9da7a8a626f739314dac6a2426698603793b99902104050cf6b4292

  • SHA512

    ef783e2cd94f3637b8ce08452f9e2107c923b99e5371740c3caa2e957eb529c3fa65b481a837fd917394a125a6ba83f3166d3e543c2dbe59463174aedca31a20

  • SSDEEP

    96:PNybXaotqEb0EZ2W87IfrI2+nomtaaGBj0YhNM7UlNbOG9zrYbXnSvN4Yzueh8tR:PN2x2BeM2+1DGlM7UrbOInYTnSlZyLN

  Score

  10^/10

  xwormdiscoveryexecutionrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Powershell Invoke Web Request.

    execution

  • Drops startup file

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1