General
Target: XWorm V4.1.exe
Size: 16.1MB
Sample: 230722-sx2l6abf7w
MD5: ed4b2bfaab042b706f8033b911c2c662
SHA1: 1a6e90f8617bc9ed856a0bf261c36f15dc8f8f60
SHA256: 53c1ef69f9babde3d2dbd822edc3cf33de4bb7e9bb8d21e418a386edb5694b54
SHA512: ee8db1a2b5a0d81cda1ac766827d3defd5ed699c5e0b74777de922e64ab2b9e43f91ecbe6a449e5fcd62160f0909a3a0ed6b1bdf70f72d7ba6fe941b54009fd8
SSDEEP: 196608:1YYSTFTqtzJ3jwi+mF4yxIdLH1ETeyXknzFW66S/gIxzqWDbDn:9yLL1ETeVWSmWDbDn
Behavioral task
behavioral1
Sample: XWorm V4.1.exe
Resource: win10v2004-20230703-en
Malware Config
Targets
Target: XWorm V4.1.exe
Score: 8/10
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Registers COM server for autorun
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.