Overview

overview

10

Static

static

1

krTVmufRVRif.bat

windows7-x64

8

krTVmufRVRif.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    krTVmufRVRif.bat

  • Size

    4.3MB

  • Sample

    250308-lgkkdavtey

  • MD5

    c475591ab334bd766b868d4d706938db

  • SHA1

    0e89e12020e858db58b4f8e250c6fea7e03ed95e

  • SHA256

    38908b3b24f91dd837b7f3730f9e0258337f26274ce71bc2f299c5662247fcf6

  • SHA512

    3611b20c0f2918abb33c7869a3755ad78a274dfaab8c69768bd3e3a8762837dedb8b45c64133133dd6d60b8986ca9cfb0db79c0b27cb9bb4cbd7138f286bc28b

  • SSDEEP

    49152:ei50ntRXxAgH2DWZIRrcbzwilGN7BQxYa831JNBQiHCywLILOcLwSpXKEf:/

Score
10/10
xwormexecutionrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

meowycatty.ddns.net:8843

Mutex

jRccj8SKwN7fQIlB

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      krTVmufRVRif.bat

    • Size

      4.3MB

    • MD5

      c475591ab334bd766b868d4d706938db

    • SHA1

      0e89e12020e858db58b4f8e250c6fea7e03ed95e

    • SHA256

      38908b3b24f91dd837b7f3730f9e0258337f26274ce71bc2f299c5662247fcf6

    • SHA512

      3611b20c0f2918abb33c7869a3755ad78a274dfaab8c69768bd3e3a8762837dedb8b45c64133133dd6d60b8986ca9cfb0db79c0b27cb9bb4cbd7138f286bc28b

    • SSDEEP

      49152:ei50ntRXxAgH2DWZIRrcbzwilGN7BQxYa831JNBQiHCywLILOcLwSpXKEf:/

    Score
    10/10
    executionxwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks