Overview (overview): Score 10/10
Static (static): Score 10/10
XWorm RAT ...er.exe (windows7-x64): Score 1/10
XWorm RAT ...er.exe (windows10-2004-x64): Score 1/10
XWorm RAT ...er.exe (windows7-x64): Score 1/10
XWorm RAT ...er.exe (windows10-2004-x64): Score 1/10
XWorm RAT ...er.exe (windows7-x64): Score 1/10
XWorm RAT ...er.exe (windows10-2004-x64): Score 1/10
XWorm RAT ...NC.exe (windows7-x64): Score 7/10
XWorm RAT ...NC.exe (windows10-2004-x64): Score 7/10
XWorm RAT ...er.exe (windows7-x64): Score 7/10
XWorm RAT ...er.exe (windows10-2004-x64): Score 7/10
General
-
Target
XWorm RAT LATEST.rar
-
Size
33.3MB
-
Sample
230302-akdqfsag35
-
MD5
5ecc7362e2e6448c7cc722c23e435d7f
-
SHA1
925683d43bce3881202826e0544a5016b5c3c9db
-
SHA256
3c87c841063eb5f0e7a5a761add49376abdd154486a0a98439deda0e5fe8a538
-
SHA512
83e0c8504b6d2529c31ee65400ba139d8b384ff0a6501ded88fb1e5be6b54f5d921a5efbfcfb079c89bc00e8e9170f8d06a0c8e2735ac77a0726013e7dc6a912
-
SSDEEP
786432:jTyG3GfrNvWr4RgBaC+0RbjeugvgC3fCGwPciE6US5Pkiq/:nGfru8GIuOEWfVwb1pR+/
Behavioral task
behavioral1
Sample
XWorm RAT LATEST/Tools/HVNC-Server.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
XWorm RAT LATEST/Tools/HVNC-Server.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
XWorm RAT LATEST/Tools/ResHacker.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
XWorm RAT LATEST/Tools/ResHacker.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
XWorm RAT LATEST/Tools/vncviewer.exe
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
XWorm RAT LATEST/Tools/vncviewer.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
XWorm RAT LATEST/XHVNC.exe
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
XWorm RAT LATEST/XHVNC.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
XWorm RAT LATEST/XWorm-RAT-V2.1-builder.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
XWorm RAT LATEST/Tools/HVNC-Server.exe
-
Size
112KB
-
MD5
2bc558b0cf60f8c5a17d16299e07a030
-
SHA1
9a6a53a088cdbab38201b11015e58aacb85e1dc6
-
SHA256
83178407d4761df1439304df2f08ec6df4e216986fab12590b6339186291b591
-
SHA512
21ed30fb07a670ca4cf44527d34d201735dac1a9c23e7cc709983c3dbff75cdeec8380c2fe795270fd77203fa9e59b34a324acdb0815c8654b819269e52d9ce8
-
SSDEEP
3072:cl/0Gw9hSR3UFqhHe9Z0SZDz4PUF8FaBh3:cl8GjtChHh3
-
Score
1/10
-
-
Target
XWorm RAT LATEST/Tools/ResHacker.exe
-
Size
1.0MB
-
MD5
d285a10c73da68b027951a2038a7ae0d
-
SHA1
e3e5712df92ed49d6cd429799e6e557af093da06
-
SHA256
aeeac91ca85c59309a8d6f7109a84e1ee6d4817498417373e7c3c93dac7bb1e5
-
SHA512
150b47f6b4ab2c33c818843ddf30562c85055c1be5bbda7bc347bf36116b4d8d8f7b78303342e9eb667facd37a841eb7d930de325f25d170b680e97f8dfed48e
-
SSDEEP
24576:XS9wlTzi2gQO1PMV2DCHAJ2glv9fJVOYfJSzaSArbz2jQOS/:C9ijgQO1PMDozYAPz2UN/
-
Score
1/10
-
-
Target
XWorm RAT LATEST/Tools/vncviewer.exe
-
Size
1.5MB
-
MD5
b8d15cd10f1e9ff6adeae64fbbeb755b
-
SHA1
f962549e42b58a056b11a9ba9750a30bc76844d7
-
SHA256
823168f7ff268a96aa80d915d946411ef214e7597c73312b19f9723d704b1396
-
SHA512
1478c76b08a8aa9cf9db927ea371c192ade81d8e27d394613f05aa60011fa8bc46ada115ab4c8c9aa75fcf86dbb62f7089a211f58270c984a204c91465cd07af
-
SSDEEP
24576:Jj/05kjHhc0Vo68/RWyVae30Zh6FSCTpf2kveQn5poM5lcOBo:JY5kdc0G68/RVoe3+MTZ2kFroM5lxBo
-
Score
1/10
-
-
Target
XWorm RAT LATEST/XHVNC.exe
-
Size
2.2MB
-
MD5
ef691f617d75f45d10af9405de47e253
-
SHA1
9be134d2c7549adf7c6678bb4c43b9f65c83214f
-
SHA256
eaead00ba98021393e7920a2f2f20e70724f716eed0933d50577786ae0289182
-
SHA512
cfe942f09cc75f44aea2eaef80e4dc6a0ebbba020b0c1cefb7efe8e158a6399fb1f5e41d696b932fac542e39ea7b5872fb1adb7c0753670a57fc0f888ee16c61
-
SSDEEP
24576:qmErCsazef+APWb6+CILRbTcJiWevOIWr9Lrdl5p0WdaMCtGjC+UbuzoVGBI:qPF+CWb6+CILRncZe65rb5p0ehVCrvT
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
XWorm RAT LATEST/XWorm-RAT-V2.1-builder.exe
-
Size
3.5MB
-
MD5
775ff5af83a841cd38d17f0e89850d31
-
SHA1
977a6139d96c3d0289b3f6ed9ec54ed2ecc0247e
-
SHA256
416d0f5e93bd4249b00d6907264d870401255dba0fa4983017ae6f34af36dc1b
-
SHA512
730628bf0f43c069728938656c939784c6146660668d9d5e91ac473f3aff0096fad0804ee2c88b9571ddba2354761668dc550ef4bae6266922dfae8cfc075349
-
SSDEEP
24576:508GeFzFDzPLDP8c1uAowyLQfB/eVjKIOQaBcM707ae8gpeJF+kR8YD2Y35/5Mbi:Z/TjrHWKWDOQko29ueJsq8z0H
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-