Extracted

• • Target

    e3f141aeea820a23216db5919e80573b1e5675e98a3c02a67d2e7b576ef269b5.bat

  • Size

    4.3MB

  • MD5

    c827b11ddab8f04af88ad75cf10ce5c3

  • SHA1

    8ccd314ee72a96772cc6040e9c626332a18ff2d0

  • SHA256

    e3f141aeea820a23216db5919e80573b1e5675e98a3c02a67d2e7b576ef269b5

  • SHA512

    73bbdfe7555c49893674339b967f6515471ae83043d9c5ca9772828f0877c2827cace3c24bae99da393864e35dc91268ab7fc5a969fb65cb10a3da23dceb6f32

  • SSDEEP

    49152:k1bO8QYsqdzJPWeAir2ajAFZqklU2Cb7zGhaPCuDaWBm8HYrFDDSM+qkTKZHdIMw:w

  Score

  10^/10

  executionxwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Deletes itself

  behavioral1behavioral2