General

  • Target

    Win-XwormRat-V2.1-builder.exe

  • Size

    928KB

  • Sample

    230205-v2ez3adf5v

  • MD5

    3f0912415a057271df74d28140102c2b

  • SHA1

    9bc6ee308cb00e4898f3730e933ccb6fa1531366

  • SHA256

    6b51cfb8710886fbff64eb1482c0de89bf9075f97dd01b8474f7e60fb362d1b2

  • SHA512

    9847c7a2bf6d773e8d2855c14c9266040cf9b8c05b667418eb36f9fb4c76740cbe1cd7a16d85fe04206af85e062bb7d75dd6c0fc23193f86123e24e759b6ed49

  • SSDEEP

    12288:C8pICumxgLj3PSg+Gfqxk01P6RNGZS7yK8g3dv8BOEBkCtip/y6Lr9vXjdkpgLMk:A1ixARrLlH/1q+

Score
7/10

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
