General

  • Target

    250610-v13pqsywbw.bin

  • Size

    129KB

  • Sample

    250610-v5v6fshq3s

  • MD5

    2d494021b962c21e3c69890b71eec11f

  • SHA1

    540a5746efce7553dc28d151cf3aa46216166ce2

  • SHA256

    cbafdf89b203ad17451308f2facef57898e62fdd35765bbcbfa488c6aa033d92

  • SHA512

    a6d60ae11fbb6b5ed3d889a6bd61c0b85c22fef1dc7661899dd96c9009248d1ae2b82f63dcdcb3657430fdbc70c7c8c965cd191cb9054acf72206996fa12fd16

  • SSDEEP

    3072:QDq55mbYQN0oAfb4aoXFRyos6VyoGFzcJRVitoQv2dZGkV:QDq5UbYQN0o6XoXeTyAe7koQe3V

Malware Config

Targets

    • Target

      Required product documentations & picture samples_20250609-AEIMPEX25-#29710SWS522053.vbe

    • Size

      866KB

    • MD5

      2f372a077cd847f4d5da423300198d86

    • SHA1

      57310b97f65b9b8a35eb6dbdc250d9ac8f367602

    • SHA256

      fdd349e5eae7d70c43e7357dd6fdabee7b8842024913bcdae73d82a9f7d2c61e

    • SHA512

      e7de245208ea5900014233db5e2e7d6193caf7232b75e70a436248f87be4a4b6e272b431f5dfd0363a6214dd7611fd86317fb1574908c6d430e01f40ae819a32

    • SSDEEP

      6144:0+VtxBJ6UYROexbvtgR8b2ETlrz6720ItgYO4N4Ti6cKKmzizRIU2P6XWpFFa2ic:dgp9RIX4xFP5jmhJfqHuT9

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks