98293075b20ad86a0c98fdb2ac14decc7752232a94c6da5fa77d8cbb04894b23 | Triage

Submit
Reports

Overview

overview

Static

static

Xworm V3.0...or.exe

windows10-2004-x64

7

Xworm v3.0...or.exe

windows10-2004-x64

7

Sharing

General

Target

Xworm V3.0 Cracked By ESCANOR.rar
Size

50.9MB
Sample

230312-2jrz8sff87
MD5

9beb2a6a3c038b593c1097f7c45b2f32
SHA1

380808ebc23db6d49b5e0bf8a044ce1d9acb543d
SHA256

98293075b20ad86a0c98fdb2ac14decc7752232a94c6da5fa77d8cbb04894b23
SHA512

e8c777eea7d47a8dec3969604ff1895b8dfbd9841ec4621ecbe990fe1e7e0b892335cce6de34f4d8d0853baf086a6f8e42b2800b0c30c2298399b4f8a6367de3
SSDEEP

1572864:mUxIGaiWa5+yreZ9LQjC6uWv5+yreZzUxIGaU:mx1tZy89LaYy8zx1U

Score

10^/10

agilenet

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Xworm V3.0 Cracked By ESCANOR/Xworm v3.0 Cracked By Escanor.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Xworm v3.0 Cracked By Escanor.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Xworm V3.0 Cracked By ESCANOR/Xworm v3.0 Cracked By Escanor.exe
- Size
  
  11.3MB
- MD5
  
  87c0e0489f690aca435b7fa0b41a9b3e
- SHA1
  
  53e3f67c3c800866eca4d69b6d0a88913f195e6d
- SHA256
  
  65143d900e8afe9b3254cd47a59b127f2b12601417140149e931aaf1a3270fc4
- SHA512
  
  97ff1fb38f7179026d832edacfac1579bba9c1c6fd54e2928479c3f97e143a0a65661685e12227c3a087fa499deb02a7995d051a1894906361705bd8d9477db7
- SSDEEP
  
  196608:tlc4uM1wTF49PkNM6cyXKoRkLZvaU6ScXc4sqgCzlMNxKa+M9d:tlc49W4uNM6cyXKS4vKSoiqgASNUPq
Score

7^/10

agilenet
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1
- Target
  
  Xworm v3.0 Cracked By Escanor.exe
- Size
  
  11.3MB
- MD5
  
  87c0e0489f690aca435b7fa0b41a9b3e
- SHA1
  
  53e3f67c3c800866eca4d69b6d0a88913f195e6d
- SHA256
  
  65143d900e8afe9b3254cd47a59b127f2b12601417140149e931aaf1a3270fc4
- SHA512
  
  97ff1fb38f7179026d832edacfac1579bba9c1c6fd54e2928479c3f97e143a0a65661685e12227c3a087fa499deb02a7995d051a1894906361705bd8d9477db7
- SSDEEP
  
  196608:tlc4uM1wTF49PkNM6cyXKoRkLZvaU6ScXc4sqgCzlMNxKa+M9d:tlc49W4uNM6cyXKS4vKSoiqgASNUPq
Score

7^/10

agilenet
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Legitimate hosting services abused for malware hosting/C2
behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy