Overview

overview

10

Static

static

1

awb_post_d...50.vbs

windows7-x64

8

awb_post_d...50.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15cefcd38b8e7999633a958159f6b49097fd4ab2b5de1ec94b60ec8e0d9b4064

  • Size

    36KB

  • Sample

    250306-lh9wnavwbt

  • MD5

    d41625c768306c53d2b334703c08df1b

  • SHA1

    84b3a4daeb01641f31b55472716aebb06ebfa15f

  • SHA256

    15cefcd38b8e7999633a958159f6b49097fd4ab2b5de1ec94b60ec8e0d9b4064

  • SHA512

    14635a2e9fda8bc7026e25892b1941db6fb0097e2d5a74090f7811a3919ca4c6df759260d256c854304ce2a1a44d90d1563436aae4536148632c92ca7e31dd94

  • SSDEEP

    768:nr97EpBxUSBjAg+qBN+LEGAehTpLJJMzsh1PDAk80RRwXW:tEz6UAgClAETZMzsrPDjRt

Score
10/10
xwormexecutionrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

tripplebanks.duckdns.org:3399

Mutex

bppouzbV7pFA6n72

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      awb_post_dhl_delivery_documents_06_03_2025_00000000000250.vbs

    • Size

      72KB

    • MD5

      f2a4031c9fcc69f1bc32eb62b35651bb

    • SHA1

      b97f66f3c831d887c8e1e3e4ca209784262b5c23

    • SHA256

      70459c4985da2c11b2baa8b746c86e4cd031470d1c216b2c13b87763c4485647

    • SHA512

      7e50b481b4268f474e5ab387c00221d0b29eea79cfbb7a025ddd6cf01aea397c626478b0af94d4ec6d0631fe65f9b331581511060d61c23474066fd665f6b0e6

    • SSDEEP

      1536:bdW0MXa09sT3o202+TpydNFMLSEGgcX4XTA66Mrhrpj:bds9DfTpUcfj9pj

    Score
    10/10
    executionxwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks