General

  • Target

    georgefloyd.bat

  • Size

    4.3MB

  • Sample

    250307-svv2lastdz

  • MD5

    c827b11ddab8f04af88ad75cf10ce5c3

  • SHA1

    8ccd314ee72a96772cc6040e9c626332a18ff2d0

  • SHA256

    e3f141aeea820a23216db5919e80573b1e5675e98a3c02a67d2e7b576ef269b5

  • SHA512

    73bbdfe7555c49893674339b967f6515471ae83043d9c5ca9772828f0877c2827cace3c24bae99da393864e35dc91268ab7fc5a969fb65cb10a3da23dceb6f32

  • SSDEEP

    49152:k1bO8QYsqdzJPWeAir2ajAFZqklU2Cb7zGhaPCuDaWBm8HYrFDDSM+qkTKZHdIMw:w

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    193.32.177.63:6000

  • Mutex

    wwD0bshguVCRSd3k

  • Attributes

    • install_file

      USB.exe

    • telegram

      https://api.telegram.org/bot7238632531:AAGCQZAh03hAwOcuP9HUeoAP5AQV0o0tp24/sendMessage?chat_id=8080837794

  • aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Deletes itself
