MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4cc61331730543fc1f257190da8b85fbfd590ad506cc61007aa5a602e18439ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

XWorm

Vendor detections: 13

SHA256 hash: 4cc61331730543fc1f257190da8b85fbfd590ad506cc61007aa5a602e18439ae
SHA3-384 hash: ceb8822bdb9b98e53c003a0bf754fef9f7175858a226ac2631fe703ade7e64813e2672c958b200d5b1e931725aa0b4dd
SHA1 hash: 165ce9bbe10b1f6cb0976713efd11ace90606f80
MD5 hash: 88221de1964b82a9ad79988b0cde4ea2
humanhash: idaho-white-spaghetti-michigan
File name: ghost_crypter.bat
Signature: XWorm
File size: 315 bytes
First seen: 2025-12-23 22:49:34 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/x-msdos-batch
ssdeep: 6:hHNGDXvay2olNHn+YWjvT9Ds81R3KupMFXA98WFYekWpIJR3Kb6:myyrXn+YWjvT9Y81kUMhA98WFjn2k+
Threatray: 1'815 similar samples on MalwareBazaar
TLSH: T19CE07D855C24200BDE9AC9994612930AAC4722C1551A8741172CE8253902EEAC69E466
Magika: batch
Reporter: BastianHein
Tags: bat xworm

Intelligence

File Origin
# of uploads: 1
# of downloads: 39
Origin country: CL

Vendor Threat Intelligence
No detections
Malware family: n/a

ID: 1
File name: output.exe
Verdict: Malicious activity
Analysis date: 2025-12-23 22:41:51 UTC
Tags: auto-startup xworm
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 92.5%
Tags: asyncrat autorun

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: lolbin mshta powershell powershell

Verdict: Malicious
File Type: unix shell
First seen: 2025-12-23T20:03:00Z UTC
Last seen: 2025-12-24T11:07:00Z UTC
Hits: ~10

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2025-12-23 22:42:36 UTC
File Type: Text (Batch)
AV detection: 1 of 36 (2.78%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:xworm defense_evasion execution persistence rat trojan
Behaviour
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Enumerates physical storage devices
Hide Artifacts: Hidden Files and Directories
Adds Run key to start application
Checks computer location settings
Drops startup file
Executes dropped EXE
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Disables Task Manager via registry modification
Detect Xworm Payload
Xworm
Xworm family
Malware Config
C2 Extraction: 127.0.0.1:1177
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments