Overview
overview
10Static
static
10XWorm V3.1...nd.png
windows7-x64
1XWorm V3.1...nd.png
windows10-2004-x64
3XWorm V3.1...ox.dll
windows7-x64
1XWorm V3.1...ox.dll
windows10-2004-x64
1XWorm V3.1...er.bat
windows7-x64
5XWorm V3.1...er.bat
windows10-2004-x64
1XWorm V3.1...re.dll
windows7-x64
1XWorm V3.1...re.dll
windows10-2004-x64
1XWorm V3.1...ms.dll
windows7-x64
1XWorm V3.1...ms.dll
windows10-2004-x64
1XWorm V3.1...IP.dat
windows7-x64
3XWorm V3.1...IP.dat
windows10-2004-x64
3XWorm V3.1...or.dll
windows7-x64
1XWorm V3.1...or.dll
windows10-2004-x64
1XWorm V3.1...ro.wav
windows7-x64
1XWorm V3.1...ro.wav
windows10-2004-x64
6XWorm V3.1...or.dll
windows7-x64
1XWorm V3.1...or.dll
windows10-2004-x64
1XWorm V3.1...NC.exe
windows7-x64
10XWorm V3.1...NC.exe
windows10-2004-x64
10XWorm V3.1....1.exe
windows7-x64
1XWorm V3.1....1.exe
windows10-2004-x64
1XWorm V3.1...xe.xml
windows7-x64
1XWorm V3.1...xe.xml
windows10-2004-x64
1Analysis
-
max time kernel
42s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
17/02/2023, 05:04
Static task
static1
Behavioral task
behavioral1
Sample
XWorm V3.1 - Copy/Background.png
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
XWorm V3.1 - Copy/Background.png
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
XWorm V3.1 - Copy/FastColoredTextBox.dll
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral4
Sample
XWorm V3.1 - Copy/FastColoredTextBox.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
XWorm V3.1 - Copy/Fixer.bat
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
XWorm V3.1 - Copy/Fixer.bat
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
XWorm V3.1 - Copy/GMap.NET.Core.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
XWorm V3.1 - Copy/GMap.NET.Core.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
XWorm V3.1 - Copy/GMap.NET.WindowsForms.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
XWorm V3.1 - Copy/GMap.NET.WindowsForms.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
XWorm V3.1 - Copy/GeoIP.dat
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral12
Sample
XWorm V3.1 - Copy/GeoIP.dat
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
XWorm V3.1 - Copy/IconExtractor.dll
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral14
Sample
XWorm V3.1 - Copy/IconExtractor.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
XWorm V3.1 - Copy/Intro.wav
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral16
Sample
XWorm V3.1 - Copy/Intro.wav
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
XWorm V3.1 - Copy/SimpleObfuscator.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
XWorm V3.1 - Copy/SimpleObfuscator.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
XWorm V3.1 - Copy/XWorm HVNC.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
XWorm V3.1 - Copy/XWorm HVNC.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
XWorm V3.1 - Copy/XWorm V3.1.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
XWorm V3.1 - Copy/XWorm V3.1.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
XWorm V3.1 - Copy/XWorm V3.1.exe.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral24
Sample
XWorm V3.1 - Copy/XWorm V3.1.exe.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
XWorm V3.1 - Copy/Fixer.bat
-
Size
122B
-
MD5
2dabc46ce85aaff29f22cd74ec074f86
-
SHA1
208ae3e48d67b94cc8be7bbfd9341d373fa8a730
-
SHA256
a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55
-
SHA512
6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3
Malware Config
Signatures
-
Drops file in System32 directory 12 IoCs
description ioc Process File created C:\Windows\system32\perfc007.dat lodctr.exe File created C:\Windows\system32\perfh009.dat lodctr.exe File created C:\Windows\system32\perfc00A.dat lodctr.exe File created C:\Windows\system32\perfh00A.dat lodctr.exe File created C:\Windows\system32\perfc010.dat lodctr.exe File created C:\Windows\system32\perfh010.dat lodctr.exe File created C:\Windows\system32\perfc011.dat lodctr.exe File created C:\Windows\system32\perfh007.dat lodctr.exe File created C:\Windows\system32\perfc009.dat lodctr.exe File created C:\Windows\system32\perfc00C.dat lodctr.exe File created C:\Windows\system32\perfh00C.dat lodctr.exe File created C:\Windows\system32\perfh011.dat lodctr.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1680 wrote to memory of 900 1680 cmd.exe 29 PID 1680 wrote to memory of 900 1680 cmd.exe 29 PID 1680 wrote to memory of 900 1680 cmd.exe 29