General
-
Target
XWorm-RAT-xworm-rat.zip
-
Size
33.7MB
-
Sample
221011-znv7caeacq
-
MD5
57a2bc809b05e1912ae749c9db34071b
-
SHA1
501c7d841e2662aa3f9c2b7e28b7a844b899a300
-
SHA256
491e6d13ca77846445824b492df95e7294f908c568819d839eecb82ea986d608
-
SHA512
49edc2b21433e1c132d96fa59f7dd6588d05de7ab1206bc210aa319817fb5ada49647e9f68f5dc682cac0f89d825bc4cbe97c31476bb63feeeb5e8da13e20769
-
SSDEEP
786432:mjDPlNpEQ4AXvvAQAIHHCspkclWQe5LDQXzTnHB35TAu93biIKJ:GxDEuXHAInCsdAtfWh35TT3W/
Malware Config
Targets
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-