d475fc9c05d4723cb85fdd92dc1a1ecea8f5d9a2c9601eb3042769d9eefbe5df

Sharing

Copy URL

Twitter E-mail

General

Target

XWorm.zip
Size

34.1MB
Sample

230221-kc9s2aeb48
MD5

3d9e6f3dbdff704b9672e7cbddb5141d
SHA1

2dbf02c6cfe018b6cbe504e1fa47d6a1d98b8b70
SHA256

d475fc9c05d4723cb85fdd92dc1a1ecea8f5d9a2c9601eb3042769d9eefbe5df
SHA512

634157d593c473a6d48e0aaf7b27bb083f5b73e024990d8e84c5393473dabbc2921aa94690ca2e61b8b6021712fe58df440c74172d3e8fc81a4478e95e0ad984
SSDEEP

786432:fp+hRDBGmkwTWTBzDMBSEoAXp1cw8a0KVNEqGHKI2tX14t+EHrFujBS9NCn:fQhRDBpzIM4EoCpCq0KVmqWctFOfQ

Score

10^/10

agilenet

Malware Config

Targets

- Target
  
  XWorm/Fixer.bat
- Size
  
  122B
- MD5
  
  2dabc46ce85aaff29f22cd74ec074f86
- SHA1
  
  208ae3e48d67b94cc8be7bbfd9341d373fa8a730
- SHA256
  
  a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55
- SHA512
  
  6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3
Score

1^/10
behavioral1
- Target
  
  XWorm/NAudio.dll
- Size
  
  502KB
- MD5
  
  3b87d1363a45ce9368e9baec32c69466
- SHA1
  
  70a9f4df01d17060ec17df9528fca7026cc42935
- SHA256
  
  81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451
- SHA512
  
  1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7
- SSDEEP
  
  6144:96/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZG:9yrSKMJR9aGs55T1X9Fwspi2tGpmS
Score

1^/10
behavioral2
- Target
  
  XWorm/Plugins/7zip.dll
- Size
  
  1.3MB
- MD5
  
  87e82b11465703f9cd39ecbd714bd577
- SHA1
  
  dd5b501d9fdb0bde1bca5d91616beff4a00d9304
- SHA256
  
  ee97a4267b24d9be6dd484198ede79ac5b62261e56cc479a07c13d910948cadc
- SHA512
  
  850d6bbeace06e4ba54071b2ff031807ae9b8eaf84c4db7a59fb717525086a635fc6ba8a9c0e6d78b7c8a3f821fdaa902ae5eefe8e8f24ac8821803fcbbaf6f6
- SSDEEP
  
  24576:k0/LsiV9P+XbiDmHzsvTK6BN2TBQLge+ErnuIAr24sNhHXZ:kcLsk9Pk6gAK6BN2NQUe+ErnuVqjNhHX
Score

1^/10
behavioral3
- Target
  
  XWorm/Plugins/ACTWindows.dll
- Size
  
  10KB
- MD5
  
  5318d499f446a3bed94f2dabab3e39f6
- SHA1
  
  dd595eba05a14fecd9c2f33858979bbcd8dd1f3e
- SHA256
  
  dfe171edc881691a8e3425b13e92f3066cc39982463b1a849e650c4b964bb9af
- SHA512
  
  e0fcbbec365d4de99e097e917510bed72432cae62d1d449484e2edac310f1feab7bbf8e4ba8701331dee5b3b3a2005441ac8b117dd55254b2aa7236d312fe2e2
- SSDEEP
  
  192:u29alCi98OgSwNxyPlaMrp5O+Rx71tvTkIW1PnZL4zSTSQMLuOF:u/lCi987HyNHrpw+5tvTunZMzMSQOF
Score

1^/10
behavioral4
- Target
  
  XWorm/Plugins/All-In-One.dll
- Size
  
  4.8MB
- MD5
  
  2de2a0f6d774ce382a5b2c525b7c90f6
- SHA1
  
  bcca005569fbc10e9605b175823c375a3d3086ca
- SHA256
  
  0f148b7f2eccd052a83e41553b6640e1b3d404ddea6f54c2ec7c0711776ea051
- SHA512
  
  bd75135fa9773e6e53d229716b682571b6f7a118c81d71f06220c6663af1850206e91322fd116223c68ceaa0acea103c5d85fbe9c4cf22aac732a20b87a5d1dd
- SSDEEP
  
  98304:OP19F9QORkChiDC9OtH7c2iwGxIvPBOw0JefVfQ2a5cFd4KssODtd0:09FPRkC8C9OH7c2ilInz0kfVo26Wsd
Score

1^/10
behavioral5
- Target
  
  XWorm/Plugins/AskUAC.dll
- Size
  
  9KB
- MD5
  
  5a99acfc9a5840c5edf022d758c28577
- SHA1
  
  06313b35ca62dea2ff089bf9769e7e2af4612fbd
- SHA256
  
  8acbe86ff5049992dd21a07713c17ee655b9bcc02e9f95c5c270e71abb19e39b
- SHA512
  
  4d8b69d187c79f32b1f646e40527a0a29e31a6b8024702a1a80771c1e6be28eeeba407c6000268f0a5f1fffada35284ef99aebc8ebc81f71eb17d50eae64feb8
- SSDEEP
  
  192:yHUtgZzv/vcimeeGOp8bzJgyBTkIW1Pn/KiLawMLW0A:yH6gZDc/ebc8bWyBTun/Koakt
Score

1^/10
behavioral6
- Target
  
  XWorm/Plugins/BSOD.dll
- Size
  
  8KB
- MD5
  
  f529117cad2c7af6658c509c6e05c6b0
- SHA1
  
  47bfc0802abd7fa618632f994ae24f2e08475e04
- SHA256
  
  23a612a4706431e9a83ac1c2793d7aa045ed7d0085672677ad8d2b0d27e896e7
- SHA512
  
  22b7018170d9996292dc0320ab39aa6ef6f48975963ca032d3ef9b36f735af1e170e97fa35d80553bef43fabab77b4b3e20a9b52ecb9de3519449ef7469d88a7
- SSDEEP
  
  192:izyjeIJFb81/aFUe7IGOqs1ZT0IW1vneYl2GGAFTL29:imjeIJtFUeFUZTUneYtGAw9
Score

1^/10
behavioral7
- Target
  
  XWorm/Plugins/BlankScreen.dll
- Size
  
  9KB
- MD5
  
  1305a0c906d077805833f8392ce913f9
- SHA1
  
  bd983a2af465013f9b9bf4f831196dbe56ae75f0
- SHA256
  
  6f6f8402439749966708ede086c382eb4a7a785e8766bd07d1715b93eb9c7b3a
- SHA512
  
  332b1a55503aa6d41c42efde5d98ea4ed554082ae523d78f30801c13928759ccf19829b1001a227eea131626522f2d5d200618dbfa435f23b71942ac7a916fde
- SSDEEP
  
  192:mzfcER2CRuTzi9fTGOlF1LATWEIW1PnaHwpM4QLOzu:QcG2cS+UTWOnaHwpMCzu
Score

1^/10
behavioral8
- Target
  
  XWorm/Plugins/Bookmarks.dll
- Size
  
  28KB
- MD5
  
  062d055dee2bb46bc3dcd2c6d6a68b5f
- SHA1
  
  05863f69d208f319bc079105cb56194344949f23
- SHA256
  
  aa1df238e54b1633b34a842701c2234f5a9811e39094df5acbc17aac1ee98d48
- SHA512
  
  a236a10c9ed3736c5d63dbd615573ff0f734cfa9036a28d6050afa2737abad24baba85902e61d4db173339ca455cd34d1112d4b84f3bd78fd89bf155f1112034
- SSDEEP
  
  768:gs/yGRoX8l3E0edaVUdKFK713KccHaUibsw1z9re/02GkYC7B9gB:Q82dR71EaUib7re/02GklB9gB
Score

1^/10
behavioral9
- Target
  
  XWorm/Plugins/Bot.dll
- Size
  
  10KB
- MD5
  
  d26cb9c1de5d771e221d27c6f4222809
- SHA1
  
  3fa431739bebc51d9a313637156dcbbadd545da0
- SHA256
  
  d0b3fe27687afa3d2c318d43d15484dd2c2d951a404e054b71a489b7dd6d3528
- SHA512
  
  52d4dc29403d84ebb8317c4b445c454bb700f0656065e1bde0a7fcd20e1bc10dab785417d22532028573eaf6b5b37894ff5aa58332c628977ae9cb93e214f131
- SSDEEP
  
  192:enmuXhgnBQrPh6xXGO6e5TgycT4IW1U9y/L2JEWMLWB:mrhgnBU6xWjoEycTt9y/L2JEGB
Score

1^/10
behavioral10
- Target
  
  XWorm/Plugins/Chat.dll
- Size
  
  18KB
- MD5
  
  56923f72baae7decae094d3945868140
- SHA1
  
  60950761df3b7046d807449be84cfe3d691889db
- SHA256
  
  639344e2cb815d33d0b64f6d5e6e919af0fda9067eb2589d466fc22543af4656
- SHA512
  
  5414af4c82d3e41b16bcb1e4035b90ce0a33fd0df1bb21c79868e06c69e392686d160a9fb4fe3f6fcb40f320ca719b19162172824512e683f85b614ca283bde0
- SSDEEP
  
  384:nlYxU2S30UL7xkm3ePgfFLILcaTKQt0InoI+fUUW7fB:lZ2S30UXx5eofFLAcyqI+fUX9
Score

1^/10
behavioral11
- Target
  
  XWorm/Plugins/Chromium.dll
- Size
  
  25KB
- MD5
  
  3a6eaf3cf9fd0e84094192a5cfce7e64
- SHA1
  
  ff8ed394e72fd9b7f2863608dae1b8fa64e9223d
- SHA256
  
  af70e2a97457a3409f28fe5cf34ba92d8c72af681cd7989cfad71c894f85c343
- SHA512
  
  4889f483276d7baa7ee7341447043e745ee3c18144214da55258e06900d98dfc9e5a6f25aaa02ebc08ec4e942ab5b98334aee5b11d0eb8e82eb5f02e94944bc9
- SSDEEP
  
  384:DtGWc3ht3Xa7LHDxtN59V/PBPugcO/cnjqlg91YDa3ZsQkSx7:pGWcR5XeLTRP1/6qCbYW3Zszq
Score

1^/10
behavioral12
- Target
  
  XWorm/Plugins/Clipboard.dll
- Size
  
  9KB
- MD5
  
  1a29b0deb6c42d169ca2cae55a6f4cf5
- SHA1
  
  fa9b57b0e22b674375d3d19a734fdd15c3f0f306
- SHA256
  
  bae03c83eff7eff758830b02321935e6173177008c765f4241315a3b2495ea1f
- SHA512
  
  ee0b3f905eebd5dc94a2e1a1eb9efa17afae2cb2625222191cf733169fb2322f709e5db0eb81d50f949c2c37e09d89f59fe8eb99e7215bae99a33d69d7c822e8
- SSDEEP
  
  192:kPii8UcvhpOQds1TLxIW1Pn/6l7RML2rU:kZ8UcbrqTLbn/6lNrU
Score

1^/10
behavioral13
- Target
  
  XWorm/Plugins/Clipper.dll
- Size
  
  10KB
- MD5
  
  d80dd0459bfe7387f036b781432af0d8
- SHA1
  
  b5dd94f73b2d010db27a853d569cc77693c4d086
- SHA256
  
  3c391325d133abc89f2c5993d600b0a5c5ec1b0ac8294876d7a1b3731593412c
- SHA512
  
  21a780b0149026c89b4031033f9ad8835f3ea23fb70af2258203124a47d9ba81d8a9e92eff5c1af6122776fceaa6a5aa79441312f57140110dea192bd20b5202
- SSDEEP
  
  192:Yfxgo6FiR3r9UdNltsOIO/dQ1GiMIW1Pbe/hPA8/YjNMLOf:YCFar+dN/IEuGiWi/hPA8/8Hf
Score

1^/10
behavioral14
- Target
  
  XWorm/Plugins/Cmstp-Bypass.dll
- Size
  
  11KB
- MD5
  
  88b5d3e1332e54a03fc3c3b26495ea41
- SHA1
  
  f0887e234c6dcef917b2de402469c7089cc8070b
- SHA256
  
  a5f827dcc41334dfae71dc0c6eb219e6926538845066ac5fd1b06e44762fd6fa
- SHA512
  
  0ecd20af089a19ca9199fcaf239fffeafd76613cebdaaaba073572fd06cd7e0a8dbdfc6c13f8f38bb659c4ad43dc1eef3cc65902048638086c04232c5f0d1f9c
- SSDEEP
  
  192:6ZcVJH7Z1m+Vn8kPWwuv5YTqPgGO2XWbAaugyaTcIW1vr/DTEaliys7nuJYATLuK:B/7ZAuaiqJBXWbXpyaTir/35liysyJYR
Score

1^/10
behavioral15
- Target
  
  XWorm/Plugins/Computerdefaults.dll
- Size
  
  10KB
- MD5
  
  8d58916cbbd55a74d6b76e03d051f827
- SHA1
  
  520834e9fb0e129f0a291f9722d3b3873dd5e2c4
- SHA256
  
  e4cfebcb6c8e2fe772b81f765e0a6304444b1afa17a110f92a4c73e085b33c49
- SHA512
  
  fea73b858f96c7612f8ed278d74bfb1cd9df1857813c1837bc1dbfdbe2b127b373e5c03e984b09099be6d5f011322e75c0d49f2b55273291b29dab098e4ae578
- SSDEEP
  
  192:Py3eljoEikzHGOinDgyITjIW1PD/lf5lrljlQ0lIdlU5SxEFocTLuM:Py6riCmb0yITND/lfHiGofM
Score

1^/10
behavioral16
- Target
  
  XWorm/Plugins/DeletePoints.dll
- Size
  
  9KB
- MD5
  
  b1ad12b70031d25328997341ebbe65b9
- SHA1
  
  f58dab7365475dffe67fd29fd1a73dc5c0bb6c73
- SHA256
  
  dd49e154a4f8b3bae165b9209eabfe7dd32c0af570b94c90869c42e9f0b7d3a8
- SHA512
  
  2003cbecef96c9d6207c70defd7a5b7e3f11fac5f1853bebcd937e14393eaaee349c7c654482c5286fca66f9a9cb7abb0757a5b25c928eea518bc9bd570c51fc
- SSDEEP
  
  192:3IhxzJoUYMqYzB2FCTCGO70140TwIW12nHFQ7eVMLuW:3IhxKUY9Yz9DxXTZnH67enW
Score

1^/10
behavioral17
- Target
  
  XWorm/Plugins/DicordTokens.dll
- Size
  
  6KB
- MD5
  
  e9fa45949d252552a2289d019861f6c2
- SHA1
  
  ff7621f3309899a8815bd2665b51651df0a802bf
- SHA256
  
  06c4bcd35960f76430e4f062049cc62a4ab4575e1fea91c369ac509c7fc27ba5
- SHA512
  
  13854f7a518f64dcb2c47990e2cba2640fd401d70b346bd69bdf0fe76e549718dbf35c0b206b85aab820f7a73695ae46205580bb4b8b25cc1c9602a04608c674
- SSDEEP
  
  48:6xbV/BvVV5VydE/tjIaVvNXOu5RKgS8PCtcUl8nNMAcx3numn2sex05x0i+HmliF:WBpVydE/9Fiwvx6tcUlrA0v0i+mldJ
Score

1^/10
behavioral18
- Target
  
  XWorm/Plugins/DisableWD.dll
- Size
  
  13KB
- MD5
  
  015a3af937bc633ea5a2965d8d1a9d8e
- SHA1
  
  abeb97fe5dc8b6181463ce8ac08c9d7c6f587eba
- SHA256
  
  19cf8cd1c95073932b0b179852d2c4f2aa0c7a1d255918043e449fcdeccc7471
- SHA512
  
  1a1a8d8f30ea06d79df8dd24c54fdb9c5c27362c675d62f12189a5366c54ed52c1a21bae3f8ba438e5c71606df4e4cfe722e211211c2e12f22695d52cd7541cb
- SSDEEP
  
  192:rQLEv8T4LLpNkQvmDbeNEDTRQmCkUE2WKU1GO0zb7lgJ1T9IW1Un/3eKtfKioieO:rojqEdJUEDtw9zbyJ1TMn/3eulV4XbU
Score

1^/10
behavioral19
- Target
  
  XWorm/Plugins/Email.dll
- Size
  
  4.6MB
- MD5
  
  bc481b237a7209cf311b9dfb5ec83340
- SHA1
  
  f7fb9da4171e1c27b14965f7df9c55678c72f18c
- SHA256
  
  e7f871011c6e9860f36a707583b73f1664bec91e4f971dec78343015da7ea319
- SHA512
  
  2eb9b61f0aa2c18832041d1c79f55c6496a02e8da2057634cbf462544ee62636fa9b4125ceabafa45a765ed7b1542825fc611c5a751ff07b4af002821dd334fb
- SSDEEP
  
  98304:wR1dWdFt15LrL3sO59meXDZu1Byz9nXvOs9H9wF9QOIkChiDC9OtH7c2iwGx:YsFtvvsO59jDZ6SLwFPIkC8C9OH7c2il
Score

1^/10
behavioral20
- Target
  
  XWorm/Plugins/Encoder.dll
- Size
  
  11KB
- MD5
  
  9738f59a7c768b84131edf7ae1d5090a
- SHA1
  
  30e5c9235266c2ea6689a8034c84d4cf0e54bb81
- SHA256
  
  791ada825466fc9197c5dfa8601cd398ad0a06974cd0dd3987e8c4cb17a9c288
- SHA512
  
  0273c770ba0076568c1025d5674742022821cf09e9d76ffe090b898ade59b409c89465d19b2ffa2e86adba2183e10de626b7526352611ab08b4c9ffcde0f3675
- SSDEEP
  
  192:igv9Y4KofL4k6Ppll8dld5efBGOzutx1b+T+IW1PnQ7SiApjzH/L2aN:/v9woj4RsrPefMCuVqTAnQApjz66
Score

1^/10
behavioral21
- Target
  
  XWorm/Tools/HVNC-Server.exe
- Size
  
  112KB
- MD5
  
  2bc558b0cf60f8c5a17d16299e07a030
- SHA1
  
  9a6a53a088cdbab38201b11015e58aacb85e1dc6
- SHA256
  
  83178407d4761df1439304df2f08ec6df4e216986fab12590b6339186291b591
- SHA512
  
  21ed30fb07a670ca4cf44527d34d201735dac1a9c23e7cc709983c3dbff75cdeec8380c2fe795270fd77203fa9e59b34a324acdb0815c8654b819269e52d9ce8
- SSDEEP
  
  3072:cl/0Gw9hSR3UFqhHe9Z0SZDz4PUF8FaBh3:cl8GjtChHh3
Score

1^/10
behavioral22
- Target
  
  XWorm/XHVNC.exe
- Size
  
  1.9MB
- MD5
  
  c37f177e2879dc2ecdceaf1aeb449406
- SHA1
  
  e982cd723945ef180a6625a383fc380d709fa03a
- SHA256
  
  b34eef7bcfe99893c161988f810f4306533cff5a8de58d715c0ed091af5abbd1
- SHA512
  
  7832f8329928d608a6e5f9a34045d78fcf16221e498e977d075e14c7a757ec2445e6970359731c34d57ac9535d7586d35bae61e448e64b4ea9af173e2b32cfaf
- SSDEEP
  
  24576:R3DsCsazef+APWb6+CILRbTcJiWevOIWr9Lrdl5p0WdaMCtGjC+UbC:B8F+CWb6+CILRncZe65rb5p0ehVCre
Score

1^/10
behavioral23
- Target
  
  XWorm/XWorm V2.0 License Gen.exe
- Size
  
  225KB
- MD5
  
  56dcef9a4795559fd638f05eb860b11d
- SHA1
  
  e181527942a8d27e238b9de45833679edad4d0cd
- SHA256
  
  b9f5ba224c9cfbe8a58285e3e39d252f592e08fef770ba48aee5c722ea39de79
- SHA512
  
  a85435e0386ccc5824db4918ef5d3e96b4bb1fa0da94a1e23278839b91406f6d501b51570ce971fe734b7cf04767395f2a300fef0039c6336a8fdaf18652fcbc
- SSDEEP
  
  768:4Tzw4kGsrA+uOaQTVqEo0jaf6mFSyT5rphEo0jaf6mFSyZ5rkMj:8w4kGssqaQ8ERafjVhERaf19j
Score

1^/10
behavioral24
- Target
  
  XWorm/XWorm.exe
- Size
  
  7.0MB
- MD5
  
  2b27a14a26f2ed62e40d81360db33890
- SHA1
  
  7ef6a70c2138725b9712652e24bed413a87c5687
- SHA256
  
  33cdcb6c4a7a05df5202505883ca70fabcf466b53ca73a44e050b85873f654fb
- SHA512
  
  a94376a06060a88bdb946d031c0b43eb490e89d85891d86f1e1c5589936910cb50a26515f43a51bd9f3a95a19ed0df52a8245e3cd34be9639b0a032f7beb1afe
- SSDEEP
  
  98304:6qbijWqZ2b30FOWLqr8TTTTTTtPfPQVKw+WLqgBGuf2e2b542q:6qbPjbkFOWurAfPNWugBG1V42
Score

1^/10
behavioral25

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25