General
-
Target
XWorm-Rat-Remote-Administration-Tool--main.zip
-
Size
5.0MB
-
Sample
230419-r421tsda51
-
MD5
9b3b306a4a17ad6eff92e9d97e46a65e
-
SHA1
521447c757afd5cdbec84444bb247f9d411a2f2f
-
SHA256
9a2bf745baf56c027d7e4d52cc7c41cc7b2748d634677384fc2d9eecdb8f7485
-
SHA512
866b98395c6591635b1718307e3cc7a97ef620ec608a2260d28535371492f2f4c95362a46c29c4e08d69542338c4060f24a7c121b2a1e90d6d6c5ed70038781f
-
SSDEEP
98304:OjQOrfOehjeCSFFEYhqox9mv7Ys7q2f24IRUeIV1iwLZnnpha7Kmlf3:OjvKCSFFEYjbA77q2+pS5nLbEx
Behavioral task behavioral1 | Sample: XWorm-Rat-Remote-Administration-Tool--main.zip | Resource: win7-20230220-en
Behavioral task behavioral2 | Sample: XWorm-Rat-Remote-Administration-Tool--main.zip | Resource: win10v2004-20230220-en
Behavioral task behavioral3 | Sample: XWorm-Rat-Remote-Administration-Tool--main/DisAsClaimer.exe | Resource: win7-20230220-en
Behavioral task behavioral4 | Sample: XWorm-Rat-Remote-Administration-Tool--main/DisAsClaimer.exe | Resource: win10v2004-20230220-en
Behavioral task behavioral5 | Sample: XWorm-Rat-Remote-Administration-Tool--main/FastColoredTextBox.dll | Resource: win7-20230220-en
Behavioral task behavioral6 | Sample: XWorm-Rat-Remote-Administration-Tool--main/FastColoredTextBox.dll | Resource: win10v2004-20230220-en
Behavioral task behavioral7 | Sample: XWorm-Rat-Remote-Administration-Tool--main/Fixer.bat | Resource: win7-20230220-en
Behavioral task behavioral8 | Sample: XWorm-Rat-Remote-Administration-Tool--main/Fixer.bat | Resource: win10v2004-20230220-en
Behavioral task behavioral9 | Sample: XWorm-Rat-Remote-Administration-Tool--main/GeoIP.dat | Resource: win7-20230220-en
Behavioral task behavioral10 | Sample: XWorm-Rat-Remote-Administration-Tool--main/GeoIP.dat | Resource: win10v2004-20230220-en
Behavioral task behavioral11 | Sample: XWorm-Rat-Remote-Administration-Tool--main/Guna.UI2.dll | Resource: win7-20230220-en
Behavioral task behavioral12 | Sample: XWorm-Rat-Remote-Administration-Tool--main/Guna.UI2.dll | Resource: win10v2004-20230220-en
Behavioral task behavioral13 | Sample: XWorm-Rat-Remote-Administration-Tool--main/NAudio.dll | Resource: win7-20230220-en
Behavioral task behavioral14 | Sample: XWorm-Rat-Remote-Administration-Tool--main/NAudio.dll | Resource: win10v2004-20230221-en
Behavioral task behavioral15 | Sample: XWorm-Rat-Remote-Administration-Tool--main/README.md | Resource: win7-20230220-en
Behavioral task behavioral16 | Sample: XWorm-Rat-Remote-Administration-Tool--main/README.md | Resource: win10v2004-20230220-en
Behavioral task behavioral17 | Sample: XWorm-Rat-Remote-Administration-Tool--main/Uploader.php | Resource: win7-20230220-en
Behavioral task behavioral18 | Sample: XWorm-Rat-Remote-Administration-Tool--main/Uploader.php | Resource: win10v2004-20230220-en
Behavioral task behavioral19 | Sample: XWorm-Rat-Remote-Administration-Tool--main/XHVNC.exe | Resource: win7-20230220-en
Behavioral task behavioral20 | Sample: XWorm-Rat-Remote-Administration-Tool--main/XHVNC.exe | Resource: win10v2004-20230220-en
Behavioral task behavioral21 | Sample: XWorm-Rat-Remote-Administration-Tool--main/XWorm-RAT-V2.1-builder.exe | Resource: win7-20230220-en
Behavioral task behavioral22 | Sample: XWorm-Rat-Remote-Administration-Tool--main/XWorm-RAT-V2.1-builder.exe | Resource: win10v2004-20230220-en
Behavioral task behavioral23 | Sample: XWorm-Rat-Remote-Administration-Tool--main/XWormUI.exe | Resource: win7-20230220-en
Behavioral task behavioral24 | Sample: XWorm-Rat-Remote-Administration-Tool--main/XWormUI.exe | Resource: win10v2004-20230220-en
Behavioral task behavioral25 | Sample: XWorm-Rat-Remote-Administration-Tool--main/dnlib.dll | Resource: win7-20230220-en
Behavioral task behavioral26 | Sample: XWorm-Rat-Remote-Administration-Tool--main/dnlib.dll | Resource: win10v2004-20230220-en
Behavioral task behavioral27 | Sample: XWorm-Rat-Remote-Administration-Tool--main/dnlib.exe | Resource: win7-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
37.18.62.18:8060
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
ChromeUpdate.exe
-
install_folder
%AppData%
Targets
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main.zip
-
Size
5.0MB
Score 1/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/DisAsClaimer.exe
-
Size
12KB
Score 3/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/FastColoredTextBox.dll
-
Size
333KB
Score 1/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/Fixer.bat
-
Size
122B
Score 1/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/GeoIP.dat
-
Size
1.0MB
Score 3/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/Guna.UI2.dll
-
Size
2.1MB
Score 1/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/NAudio.dll
-
Size
502KB
Score 1/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/README.md
-
Size
1KB
Score 3/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/Uploader.php
-
Size
747B
Score 3/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/XHVNC.exe
-
Size
1.9MB
Score 7/10
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/XWorm-RAT-V2.1-builder.exe
-
Size
3.2MB
Score 3/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/XWormUI.exe
-
Size
49KB
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/dnlib.dll
-
Size
1.1MB
Score 1/10
-
-
Target
XWorm-Rat-Remote-Administration-Tool--main/dnlib.exe
-
Size
12KB
-
Async RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-