General
Target: XWorm-RAT-main.zip
Size: 34.8MB
Sample: 230802-t1597aff46
MD5: 82ccb74455818f185b285bcfe0338c7d
SHA1: e30b03aa4e431c7244145963871ab43419440415
SHA256: f0eb7f58edc94075cf2d0567ad4b9c7153f7bdeca5e3537ee88360214f6a9076
SHA512: ed9cd181d17aee8a40c128c8476439f8bd13ce4984881d852eca9f26dcd79e773b637893b4b96194cca866c6483d22ebd3eb762a07f1846dc2aa579b38d3dc6d
SSDEEP: 786432:1jVrlNnSWOwfT9SMQ+BpOspoclWQWBtDQXzTnHB35FyGIYyiIKe:hbVSwfhS4TOshANlWh35F/IMI

Behavioral task: behavioral1
Sample: XWorm-RAT-main/XWorm RAT V2.1/Tools/HVNC-Server.exe
Resource: win10v2004-20230703-en

Behavioral task: behavioral2
Sample: XWorm-RAT-main/XWorm RAT V2.1/Tools/ResHacker.exe
Resource: win10v2004-20230703-en

Behavioral task: behavioral3
Sample: XWorm-RAT-main/XWorm RAT V2.1/Tools/vncviewer.exe
Resource: win10v2004-20230703-en

Behavioral task: behavioral4
Sample: XWorm-RAT-main/XWorm RAT V2.1/XHVNC.exe
Resource: win10v2004-20230703-en

Behavioral task: behavioral5
Sample: XWorm-RAT-main/XWorm RAT V2.1/XWorm-RAT-V2.1-builder.exe
Resource: win10v2004-20230703-en

Malware Config
Targets

Target: XWorm-RAT-main/XWorm RAT V2.1/Tools/HVNC-Server.exe
Size: 112KB
MD5: 2bc558b0cf60f8c5a17d16299e07a030
SHA1: 9a6a53a088cdbab38201b11015e58aacb85e1dc6
SHA256: 83178407d4761df1439304df2f08ec6df4e216986fab12590b6339186291b591
SHA512: 21ed30fb07a670ca4cf44527d34d201735dac1a9c23e7cc709983c3dbff75cdeec8380c2fe795270fd77203fa9e59b34a324acdb0815c8654b819269e52d9ce8
SSDEEP: 3072:cl/0Gw9hSR3UFqhHe9Z0SZDz4PUF8FaBh3:cl8GjtChHh3
Score: 1/10

Target: XWorm-RAT-main/XWorm RAT V2.1/Tools/ResHacker.exe
Size: 1.0MB
MD5: d285a10c73da68b027951a2038a7ae0d
SHA1: e3e5712df92ed49d6cd429799e6e557af093da06
SHA256: aeeac91ca85c59309a8d6f7109a84e1ee6d4817498417373e7c3c93dac7bb1e5
SHA512: 150b47f6b4ab2c33c818843ddf30562c85055c1be5bbda7bc347bf36116b4d8d8f7b78303342e9eb667facd37a841eb7d930de325f25d170b680e97f8dfed48e
SSDEEP: 24576:XS9wlTzi2gQO1PMV2DCHAJ2glv9fJVOYfJSzaSArbz2jQOS/:C9ijgQO1PMDozYAPz2UN/
Score: 1/10

Target: XWorm-RAT-main/XWorm RAT V2.1/Tools/vncviewer.exe
Size: 1.5MB
MD5: b8d15cd10f1e9ff6adeae64fbbeb755b
SHA1: f962549e42b58a056b11a9ba9750a30bc76844d7
SHA256: 823168f7ff268a96aa80d915d946411ef214e7597c73312b19f9723d704b1396
SHA512: 1478c76b08a8aa9cf9db927ea371c192ade81d8e27d394613f05aa60011fa8bc46ada115ab4c8c9aa75fcf86dbb62f7089a211f58270c984a204c91465cd07af
SSDEEP: 24576:Jj/05kjHhc0Vo68/RWyVae30Zh6FSCTpf2kveQn5poM5lcOBo:JY5kdc0G68/RVoe3+MTZ2kFroM5lxBo
Score: 1/10

Target: XWorm-RAT-main/XWorm RAT V2.1/XHVNC.exe
Size: 1.9MB
MD5: 4904329d091687c9deb08d9bd7282e77
SHA1: bcf7fcebb52cad605cb4de65bdd077e600475cc7
SHA256: e92707537fe99713752f3d3f479fa68a0c8dd80439c13a2bb4ebb36a952b63fd
SHA512: b7ba131e9959f2f76aa3008711db9e6f2c4753a232140368be5c8388ab0e25154a31e579ef87fe01a3e4bc83402170bb9fbf242c6f01528455246b793e03fdfb
SSDEEP: 24576:CmErCsazef+APWb6+CILRbTcJiWevOIWr9Lrdl5p0WdaMCtGjC+Ub:CPF+CWb6+CILRncZe65rb5p0ehVCr
Score: 7/10
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Target: XWorm-RAT-main/XWorm RAT V2.1/XWorm-RAT-V2.1-builder.exe
Size: 3.2MB
MD5: 339b7f92641c0f5161731fc681aaeb3a
SHA1: 21d2d89e9ade90df638f33d314ac68e30f6aa52e
SHA256: b6fb77dfd00695678b06ed122523a0b067077fe69113f395661cd3be748d9f7c
SHA512: 58e5ff1d92be52df114b7f060d700823dff9158ec765cf9b19ab9df0ace2669405467f49d1bd56ce04871683fbcbaace5976ebdbd1575490ff411333a3905134
SSDEEP: 24576:o08GeFzFDzPLDP8c1uAowyLQfB/eVjKIOQaBcM707ae8gpeJF+kR8YD2Y35/5Mb6:4/TjrHWKWDOQko29ueJsq8z
Score: 3/10