General

  • Target

    XWorm-RAT-main.zip

  • Size

    34.8MB

  • Sample

    230802-t1597aff46

  • MD5

    82ccb74455818f185b285bcfe0338c7d

  • SHA1

    e30b03aa4e431c7244145963871ab43419440415

  • SHA256

    f0eb7f58edc94075cf2d0567ad4b9c7153f7bdeca5e3537ee88360214f6a9076

  • SHA512

    ed9cd181d17aee8a40c128c8476439f8bd13ce4984881d852eca9f26dcd79e773b637893b4b96194cca866c6483d22ebd3eb762a07f1846dc2aa579b38d3dc6d

  • SSDEEP

    786432:1jVrlNnSWOwfT9SMQ+BpOspoclWQWBtDQXzTnHB35FyGIYyiIKe:hbVSwfhS4TOshANlWh35F/IMI

  • Score

    10/10

Targets

    • Target

      XWorm-RAT-main/XWorm RAT V2.1/Tools/HVNC-Server.exe

    • Size

      112KB

    • MD5

      2bc558b0cf60f8c5a17d16299e07a030

    • SHA1

      9a6a53a088cdbab38201b11015e58aacb85e1dc6

    • SHA256

      83178407d4761df1439304df2f08ec6df4e216986fab12590b6339186291b591

    • SHA512

      21ed30fb07a670ca4cf44527d34d201735dac1a9c23e7cc709983c3dbff75cdeec8380c2fe795270fd77203fa9e59b34a324acdb0815c8654b819269e52d9ce8

    • SSDEEP

      3072:cl/0Gw9hSR3UFqhHe9Z0SZDz4PUF8FaBh3:cl8GjtChHh3

    • Score

      1/10

    • Target

      XWorm-RAT-main/XWorm RAT V2.1/Tools/ResHacker.exe

    • Size

      1.0MB

    • MD5

      d285a10c73da68b027951a2038a7ae0d

    • SHA1

      e3e5712df92ed49d6cd429799e6e557af093da06

    • SHA256

      aeeac91ca85c59309a8d6f7109a84e1ee6d4817498417373e7c3c93dac7bb1e5

    • SHA512

      150b47f6b4ab2c33c818843ddf30562c85055c1be5bbda7bc347bf36116b4d8d8f7b78303342e9eb667facd37a841eb7d930de325f25d170b680e97f8dfed48e

    • SSDEEP

      24576:XS9wlTzi2gQO1PMV2DCHAJ2glv9fJVOYfJSzaSArbz2jQOS/:C9ijgQO1PMDozYAPz2UN/

    • Score

      1/10

    • Target

      XWorm-RAT-main/XWorm RAT V2.1/Tools/vncviewer.exe

    • Size

      1.5MB

    • MD5

      b8d15cd10f1e9ff6adeae64fbbeb755b

    • SHA1

      f962549e42b58a056b11a9ba9750a30bc76844d7

    • SHA256

      823168f7ff268a96aa80d915d946411ef214e7597c73312b19f9723d704b1396

    • SHA512

      1478c76b08a8aa9cf9db927ea371c192ade81d8e27d394613f05aa60011fa8bc46ada115ab4c8c9aa75fcf86dbb62f7089a211f58270c984a204c91465cd07af

    • SSDEEP

      24576:Jj/05kjHhc0Vo68/RWyVae30Zh6FSCTpf2kveQn5poM5lcOBo:JY5kdc0G68/RVoe3+MTZ2kFroM5lxBo

    • Score

      1/10

    • Target

      XWorm-RAT-main/XWorm RAT V2.1/XHVNC.exe

    • Size

      1.9MB

    • MD5

      4904329d091687c9deb08d9bd7282e77

    • SHA1

      bcf7fcebb52cad605cb4de65bdd077e600475cc7

    • SHA256

      e92707537fe99713752f3d3f479fa68a0c8dd80439c13a2bb4ebb36a952b63fd

    • SHA512

      b7ba131e9959f2f76aa3008711db9e6f2c4753a232140368be5c8388ab0e25154a31e579ef87fe01a3e4bc83402170bb9fbf242c6f01528455246b793e03fdfb

    • SSDEEP

      24576:CmErCsazef+APWb6+CILRbTcJiWevOIWr9Lrdl5p0WdaMCtGjC+Ub:CPF+CWb6+CILRncZe65rb5p0ehVCr

    • Score

      7/10

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Target

      XWorm-RAT-main/XWorm RAT V2.1/XWorm-RAT-V2.1-builder.exe

    • Size

      3.2MB

    • MD5

      339b7f92641c0f5161731fc681aaeb3a

    • SHA1

      21d2d89e9ade90df638f33d314ac68e30f6aa52e

    • SHA256

      b6fb77dfd00695678b06ed122523a0b067077fe69113f395661cd3be748d9f7c

    • SHA512

      58e5ff1d92be52df114b7f060d700823dff9158ec765cf9b19ab9df0ace2669405467f49d1bd56ce04871683fbcbaace5976ebdbd1575490ff411333a3905134

    • SSDEEP

      24576:o08GeFzFDzPLDP8c1uAowyLQfB/eVjKIOQaBcM707ae8gpeJF+kR8YD2Y35/5Mb6:4/TjrHWKWDOQko29ueJsq8z

    • Score

      3/10
