xworm

Sharing

Copy URL Twitter E-mail

General

Target

Xworm.rar
Size

25.5MB
Sample

230828-rwycnsbf76
MD5

e84fe0a212cfcf667c5fc223a933be8e
SHA1

49611effd287994348b6b0a05c448aa4ae563dfa
SHA256

3083471838ca2c7f5c63ffde807c0cf2be168ec3c41c13eb80c49224bf7473c6
SHA512

aa6d9b77a4baf38172ba9b4928a7518b93564739793da806c5bf688574d5eb1e38bc40f02395117922e772fb7fcbf2525a42e2442b4ba2b1381f0838444164c6
SSDEEP

786432:CKaS7nbdHxn8Olq5INyrYl4M9fPCNbImtNPWV:CKnpWyq5+yreZ9C5Xg

Score

10^/10

Malware Config

Extracted

Family

xworm

comes-reasoning.at.ply.gg:12803

Attributes

install_file
USB.exe

Targets

- Target
  
  xw/Fixer.bat
- Size
  
  122B
- MD5
  
  2dabc46ce85aaff29f22cd74ec074f86
- SHA1
  
  208ae3e48d67b94cc8be7bbfd9341d373fa8a730
- SHA256
  
  a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55
- SHA512
  
  6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3
Score

1^/10
behavioral1
- Target
  
  xw/NAudio.dll
- Size
  
  502KB
- MD5
  
  3b87d1363a45ce9368e9baec32c69466
- SHA1
  
  70a9f4df01d17060ec17df9528fca7026cc42935
- SHA256
  
  81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451
- SHA512
  
  1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7
- SSDEEP
  
  6144:96/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZG:9yrSKMJR9aGs55T1X9Fwspi2tGpmS
Score

1^/10
behavioral2
- Target
  
  xw/Plugins/ActiveWindows.dll
- Size
  
  14KB
- MD5
  
  d45c2a95c5670074713be9e669e4d610
- SHA1
  
  96d26829b4ef8156eb5906f84535866f7f859203
- SHA256
  
  4263c50674c6ab64a9b5a1ad5e301628baa975e4c919d0c7767ec39adf4cbfe0
- SHA512
  
  e15a8fc7fa81ad1a6446db7c18494b2e4c15ab28844dbb77deadcae72064ed6bd6e08fe59604c27bd4e44ed059c1a424f322a753293d76bd574262aa31b9e3ea
- SSDEEP
  
  384:7qIGejCUccJeGCJWM2YFegdT8Ft0Y7XZ3W6DMz:7qIGeXcWrCJ+EtYZ3W6Du
Score

1^/10
behavioral3
- Target
  
  xw/Plugins/All-In-One.dll
- Size
  
  4.8MB
- MD5
  
  f21e73b79f9aec821c976b4fbae7225c
- SHA1
  
  7be974156ad16f23f4b91b47c380f8c3422a9863
- SHA256
  
  2987ef4a83e2c44a9abe57cdd9a4bc2b8cbaa01f6835c45cfce180b4d978982c
- SHA512
  
  476bdb0c6ac8703e467c51b90b23e45ab72a2e81652e3106732b69d9d299c277c0f9d308117cd338089d3578ebe73d12559b4300fda24d32ca7f1991827aa8df
- SSDEEP
  
  98304:pl19F9QORkChiDC9OtH7c2iwGxIvPBOw0JefVfQ2a5cFd4KssODtd:J9FPRkC8C9OH7c2ilInz0kfVo26Wsd
Score

1^/10
behavioral4
- Target
  
  xw/Plugins/Chat.dll
- Size
  
  18KB
- MD5
  
  c1a27e18603cdd587ae47e0e4b71c5f1
- SHA1
  
  9a8a3b938c0e4c79687750dbbd459ff3879c4c2f
- SHA256
  
  eef8fb30e32b48e1480a6131de34436c0a8efafcf807856fcebd618661b7a6c6
- SHA512
  
  53467107f6f0443854879d61135d73e04e387f9cc5e6ccd277732d582095eea9268d5ad6be1a8502421109ba77d86bb20d42efbe67b97d309b4c6c215b6575b9
- SSDEEP
  
  384:KeUeLD8aDbXCtSeEd3uq7uQZRHUrwTKvt0GIKoIkfiUWGfZ:MkbCtSeE5uq7uQYr0HIkfiX6
Score

1^/10
behavioral5
- Target
  
  xw/Plugins/FileSeacher.dll
- Size
  
  478KB
- MD5
  
  21e5acae055bddd2ad584271d77f881e
- SHA1
  
  df3b8db334e5bce0597cea77a4770fad8d7db6fb
- SHA256
  
  557a215cec1a3df37da8a6798354e79a3a70f548f7955cfa43a2d75e1d037053
- SHA512
  
  52896aabc03595320370a1318749e899b451020f74cedc511b6daa618908bcaa4aee7d0b808a4df6721e2c1a4f93e2f84cea00179f0c7149dccbe6f155eb3dab
- SSDEEP
  
  6144:OPv5T5fIIC8W8XqeGtSV41QJDsTDDh0Yhe6dwxLV/vuhgS0mOdwcG:0nfIICLlS4Ys50ie6CfigSji
Score

1^/10
behavioral6
- Target
  
  xw/Plugins/HRDP.dll
- Size
  
  1.7MB
- MD5
  
  e8130166c9f0919f0c94f989898a26b2
- SHA1
  
  3611474d473bad7474f8bea8e3277652d72cd3b4
- SHA256
  
  7d4b0d5cc5f09f26183aa34468b78b083ddd895802a41273583f45202a9a618e
- SHA512
  
  a444b8945dec63fa64452408cb0f3f95d5b60330b74f927df7e16feedad08862d164381a137bf2a14c42af5fe9eaa6813c2f8d1d44fcbe570eec3b7cecf12a8d
- SSDEEP
  
  24576:UrKxoVT2iXc+IZ++6WiaTAsN/3ebTvK+63CWH8iA/iD2hgPjcC8SVdKumYr7:RHZ5pdqYH8ia6GcKuR7
Score

1^/10
behavioral7
- Target
  
  xw/Plugins/HVNC.dll
- Size
  
  57KB
- MD5
  
  cb5c8cd73ed161125e46bb455fe468b5
- SHA1
  
  2f5852f549262e0a5ee8e385c336e3d9860e3441
- SHA256
  
  3a17d1922ada241def8a14f9ac7a7789bf2b5dd4cc9045ed08f28546982c233d
- SHA512
  
  e6f26e61e8c75fa18d7b6e8800b07104f1314cd312d85b3d3d0db7f8d482bc4582a7237643d24308e0b7ccb5d779b666be6216b3364e6d0d7ee9aeeaa40394bd
- SSDEEP
  
  1536:uth/ecTkz12BWR7mmt+0d7tzGxh23tnc2/:2h/ejz12BWR78M7tCxh2hz/
Score

1^/10
behavioral8
- Target
  
  xw/Plugins/Informations.dll
- Size
  
  22KB
- MD5
  
  92ba1499b2547f0e38e26360f94101af
- SHA1
  
  71b9ac23eca1c0f50517631cffe59ec1950147b3
- SHA256
  
  0452d60d658a43929bf2d5bc049e2c57c2d61f58b6444bab88834c870305dfdf
- SHA512
  
  1106d4386cda5fe98736138e0e6a01fb2e234700a9e5ed61e2b6a59cdfc82cf82dc2486488944ad009ad34fb3a04b9894bd52fea52968741350b09c7975d4d9c
- SSDEEP
  
  384:4nQf5APE80e6vkD7RQQpOJXWn3TmoNhxJNSOFD4rfZ41:4nQfGPEOD7vcJKj3NSDZQ
Score

1^/10
behavioral9
- Target
  
  xw/Plugins/Ngrok-Disk.dll
- Size
  
  7.0MB
- MD5
  
  e11f0adf9a1374112ee0b52ca41a2a9b
- SHA1
  
  23c742a1839800b4606fdb42f2baa9151876d894
- SHA256
  
  390f542854416819047e474e5c34ec39e80360cc8c69728d19e8d12732e932fc
- SHA512
  
  6acf4f3f888230aed388d31c0b2c52f6da0c1c31f4184e065511f07aee87757c6f101bbddb8d20d651b7e65d8c329fe871ffb5a4ceebb3ace928fd042a97307c
- SSDEEP
  
  196608:NCsxED7kwTV6B/nCR7+AA3e5MryK5Rj1Bpw7Vdjz8wEO+Dl:NTED7/VEqt/A3TryARj1BpwLktl
Score

1^/10
behavioral10
- Target
  
  xw/Plugins/Options.dll
- Size
  
  29KB
- MD5
  
  90a1c5c0d1cd88b6fe390278c93c4530
- SHA1
  
  b4bec20a1c53e8255518505709a8947dcf7e13aa
- SHA256
  
  035f48b413cf328ddf2bada1b6afd5698f9b8cddf2bcc0187a97629f1063c042
- SHA512
  
  ade19d4160bee947a0df9b5bc0ecb4976c1e4ba848e9360b978429fd94aa39a00016107d3daefdc795e45bcb3717c9673fdc543ef544b3e11d92ecfc473c71e8
- SSDEEP
  
  768:01fYFYWjF84UGEm3uGIKxbF/OfUs5Rd794kv:YfYFYWjUm3uabF/1s5Rd79R
Score

1^/10
behavioral11
- Target
  
  xw/Plugins/Pastime.dll
- Size
  
  17KB
- MD5
  
  787f48174c04f87346bdb09f5aff1d95
- SHA1
  
  18278dbb1102a3e0772c5661a51bef6f4965f688
- SHA256
  
  87baedbd864856f6fdd2ee4fb256842de326b1eea2f71a4fc1914402cdda1f07
- SHA512
  
  af26853c8372529f109220722045e2a920c5cb9dea5310e1f6fe7d30a8189c54725db743e228709bcef3e20b50325fed57089b044eb18164b4affdbc388fbe12
- SSDEEP
  
  384:KhzO/ClGe/9GGzHQl3HREpi5/mY7//AlxsA8/rHbx:kzO/CEe/9GGzHQxH+wH/xA8/rHt
Score

1^/10
behavioral12
- Target
  
  xw/Plugins/Performance.dll
- Size
  
  15KB
- MD5
  
  7ed248558ba25c9fb1eb55e2f1e1dd2e
- SHA1
  
  3f2f71f24f94861922b54f147992d6b94b85acac
- SHA256
  
  1f6fd6b09773fbd53c4eac5d0e77ef4e1be43872ee226983414e65141921d634
- SHA512
  
  2ffe3b5220cf6b92e1f3d2065ba96c685c1ef9ff28470afb5ad8e38b6f821514f4e69ba23caae2f46fa64d94fb8b8de061ca2c979e8c5ae32a5a2dfd046db427
- SSDEEP
  
  384:AmdLFVZ8ERBT32czPbHmTgK62QxHS7OVpPH7EqV:rdLDbRBT32czDuCHPEu
Score

1^/10
behavioral13
- Target
  
  xw/Plugins/ProcessManager.dll
- Size
  
  17KB
- MD5
  
  96f281e2deb206e3561f0a2dc881b44c
- SHA1
  
  a41ac27787d3e61302d8139874ef68aff89d3f97
- SHA256
  
  dc12cb5a2c0be8d6e7dd02c761022bc6b12cc6777d38eb7d529178c3d6adaecf
- SHA512
  
  9f8336ccd0ed5f6936c9f68527056da7a88e986d24ffcf19e3aca2537307b9cd9e315b55f56e7712b4e49f4442244280073eac4c7d7da7e8a10b4c8200f4ac48
- SSDEEP
  
  384:OdftFqxTfNDgiIsCH9q/Y1aLCEYpt1pnrDhI5XkAvfw5bZLnVb:OdftIwn8TY4XkAv4L
Score

1^/10
behavioral14
- Target
  
  xw/Plugins/Programs.dll
- Size
  
  13KB
- MD5
  
  b7ae0664d55bd6b3800871baf6139aed
- SHA1
  
  eccee8e082d9002e551efb8791d323c07ac8abaa
- SHA256
  
  221e1461a2c950336c0a25cb147d996578c1e9461824b750ca9a4f9d3be93cb5
- SHA512
  
  84b8d2f80ea9b1b6b4c4b952f18f9f226473a7e98205c2ca6d5bc6b5cf97ec58f0393f39fbb43bf1f1118da8c369c88b9ee6e228b7012d8953c0607e7dbadf4d
- SSDEEP
  
  384:GjnqNd9cZMvidxD/nTu1NYTX/1bxbBvFxb:GjnqNyBFTN/1/vz
Score

1^/10
behavioral15
- Target
  
  xw/Plugins/Ransomware.dll
- Size
  
  20KB
- MD5
  
  9f2c86036e8454b2322fb37297e2b119
- SHA1
  
  f54ff6b78099548592db00d8667ece62312e1bb0
- SHA256
  
  1727ba841000a1c6176bc285853b54904ea69944fa2d59e8daf66872dd4c1d92
- SHA512
  
  a3201c1378b5c6bc1e427f6aaa1637a197ad18a5b38f705d8dc09c73d19e568c5ee8534e844eaed35e5c83da6d1b7db93c9ccbb789845a60943bb8c790a7edbd
- SSDEEP
  
  384:AVSO27QJHvpebFn0LC9Tk7ff2ji+ZMuqI+sHY4k7E3eEHtHxh:AVm7Q1vpebF0LC9TqH2Mj7KtR
Score

1^/10
behavioral16
- Target
  
  xw/Plugins/Recovery.dll
- Size
  
  496KB
- MD5
  
  3830944fe780e36b1a3c67dabae5c29e
- SHA1
  
  afd2b6852330f86ad16103ac17a471602dc2a8e2
- SHA256
  
  179dcd0bad17db8e467a40d7b57437461cdc3263090966a687bdd40b279e4df2
- SHA512
  
  615bbb13305029ee2aa131ecb8bc397c2a3217fcc7d9a49469f90f1104726ac2c00cc534d72c90cf1cb4f2c2b720e5740089179e23d3394a519236c79cc6cd4b
- SSDEEP
  
  12288:cMEW+SHIWnFEn6YwriYW+aiJdIyl1HXuKtMCiK:+W+iIWqnwiYWefrXuj
Score

1^/10
behavioral17
- Target
  
  xw/Plugins/Regedit.dll
- Size
  
  15KB
- MD5
  
  68d1cd646b429ee4845934cadd05695b
- SHA1
  
  c971c853ff3b53e336ebd150562d5f696f092409
- SHA256
  
  9e8b3185dfb4605cf9e1df4403fafa36f12f484f4d9604541da0121403dc39b1
- SHA512
  
  348988df175382247348e6d1329c61e4dd54f724cb2a3c624df1d74827058e4c00aa5f5acc1430d0ed3d63148c603bb75b60487e97e22699986c1e630dce5e88
- SSDEEP
  
  384:+jKSC4zdLNUpTmeyAYvpYrQcfw9A8/QYbleZ:+jK1wrUs5Y0DA8/QYs
Score

1^/10
behavioral18
- Target
  
  xw/Plugins/RemoteDesktop.dll
- Size
  
  17KB
- MD5
  
  971ef565c65f696214cb77b06e46c5e5
- SHA1
  
  7d72c0b772a9b681ae463c3999998d7db6604785
- SHA256
  
  8be2fb14b479ccdd9bc15beaf091a52df492882cb14b74f194a69e01eef8e94c
- SHA512
  
  de4326f2575c7dfbd57ca51947d6698d21a384a4e6a393c9765d5fb6874820e3512fa338cedf94aa199514b8de363a393eb6beacc0a54da9d25c29394b8f72fe
- SSDEEP
  
  384:pZi1wjbuu8stkZYbbV9q/q6t5Nxt2d6QH9G/jrH:WKiu5tkCb2dtWs/j7
Score

1^/10
behavioral19
- Target
  
  xw/Plugins/ReverseProxy.dll
- Size
  
  16KB
- MD5
  
  c929f13e3096b725eb1475b3aed0bf8b
- SHA1
  
  ba7b4f294f0b198399bccb926afbad2cde38a822
- SHA256
  
  922563d6198f0ea597a0c862f18d6ff9c2c2201608cef962b8cc064c46c796d9
- SHA512
  
  238bb09f7b51027de7622ba0450f648d9ab52d0e5a3497192584bc1320f54737bba473aef3844533a22dd4ce2699c01881b2d3920a520e6143b2ce6d11290969
- SSDEEP
  
  384:F45RejLUCUPxVPdN7FAv8zTNrxYFXoaFlS9icPCv:F4HGUCUZV1N7FLfaoaFQ9icPY
Score

1^/10
behavioral20
- Target
  
  xw/Plugins/RunPE.dll
- Size
  
  11KB
- MD5
  
  75a1fc9ee199e9072f6088f8c1312e0f
- SHA1
  
  38b80990ad84419310cbb578de135b21b80c048a
- SHA256
  
  8f73c87a4a95feed70ecc082bd97a4e05ba85d0ad7bf66a5e39991e108028aae
- SHA512
  
  b4c12ad9806c2eda8135ffa196b84f898147f536067196781a19bd68756c015e9a0fb48571c9412b01e390264e12dee17d40bb8fbe24f061d2eb3140d61c0432
- SSDEEP
  
  192:Vbfqh94qP9XFw3l+JNGGOueq1JtSnIW1fUseQpo7SLOYN:VbChWqPj5jJtGUseQpoHYN
Score

1^/10
behavioral21
- Target
  
  xw/Plugins/Shell.dll
- Size
  
  15KB
- MD5
  
  940ddf611e72e90cc2ba9f50cf5b38ad
- SHA1
  
  15be3b300a07a2f883201e5d45a1c89d8ecdb707
- SHA256
  
  e9beffde0866bf4bc9e53cf4a748a96525a459c7c49d0ce6d2b542609563491d
- SHA512
  
  6c6c1fbde1ffda75671a90295bbe9f8c8f654b089696df894debdd4c372fe5f281e49a076fe3c780f0b10200b0481cc618c99570eaed96adc6a1fe223c4c7d88
- SSDEEP
  
  384:Xw3mb1rUAz2nvV/Vd1vRHfF88XT0L6YpU1b0YNpQ:Xw3mJrUao/d15/vDt1bdNu
Score

1^/10
behavioral22
- Target
  
  xw/Plugins/StartupManager.dll
- Size
  
  189KB
- MD5
  
  83572e22aabf502e47478cbadc9f625a
- SHA1
  
  537696a5a47719e58be7fe65367294eae996b1fa
- SHA256
  
  c8fe07db19e5103384495a8d9636927cf8203e21e21cdbc61884829349a43f00
- SHA512
  
  3b41041df3edeaddfbc09484499fcb3df809c607a3e526422e3dbf8ab65f8f72c40fd652d7e39afca65c45ab29667c16403e15083b0ba218c2c10dc87f09c121
- SSDEEP
  
  3072:UtkjKRhBK2A4kjTUsq7EHBAnpK37nXF83+4QvC74Syoh+0KryiT6RXHLzgaUcndn:U6jKRhBKvjTCo8FI6dfCcn
Score

1^/10
behavioral23
- Target
  
  xw/Plugins/TCPConnections.dll
- Size
  
  16KB
- MD5
  
  d41b8051db33f2915a7fcadc3f23f194
- SHA1
  
  05367451b5ff4fa3ed68c5fba553e435bbd31f3b
- SHA256
  
  2193a674c4816fef54b2fabb6ab321265edfc4ae932769ae017c658afbb84790
- SHA512
  
  30010fa9cb101a26da0f4f1422e5489c36633c103da67c11509186d3a18780ecb6b26ee84f7dd7679f36734da1f6d62d49560071abeeeafdc43bd08b6f5ab0a5
- SSDEEP
  
  192:3jg7Ks3wBH3Ud9eGLVOpkidXiS+O6FtQi11OtCEox0GTeE1tZ/J6IW1Gz/t/hYrb:s7Ks3wcxIdo3wCzTeST/Zz/uF/v
Score

1^/10
behavioral24
- Target
  
  xw/Plugins/UACBypass.dll
- Size
  
  12KB
- MD5
  
  682099d00c1da6604a2e26103915f0e8
- SHA1
  
  29b22d96a514a8ee69cb2a33b691a076eb598df4
- SHA256
  
  2151d5f96bde452c96d280b00b3a99629b3d74b3c7526e988ab179c57f7b3335
- SHA512
  
  8f14c821906bfdf7b70233fb5d7a4b101e831bf59af0f7b48f79e1c6edf3cfb5cc588defd92b40a77712e083a8bf7865e1f5408f041b97802036edcb81e51075
- SSDEEP
  
  384:rNKWZxTvVue3L70mWbqpynY9r/zFlhFs5rUOV:LhvVuOkXb+/TPs5rb
Score

1^/10
behavioral25
- Target
  
  xw/Plugins/VB.NET Compiler.dll
- Size
  
  15KB
- MD5
  
  f5797fdad244c71defa5095dea05d66e
- SHA1
  
  72a7a6385f754af0650eda0fa809df7eb302d6f7
- SHA256
  
  69f3273c8a43cfdb2e282f02da2ed084e154e33497f788f65f58bfdae3d9aa94
- SHA512
  
  be569ac5c01a72568d46ee956c85202a8f033de2159f7466f5f724e2b325b7494af2462e33e184be46170067613e8be3db0c03575ff7e841dfd99dd434b0316b
- SSDEEP
  
  192:hWgDO0lNTlnqybcTwBJA+wGnzOSeJyxlTen1W9gotlF6IW1oXxvKWkWQEcGSL25L:DO0lZ8GcQA+ZeyTe1sgIXxvZQEcoh
Score

1^/10
behavioral26
- Target
  
  xw/Plugins/WSound.dll
- Size
  
  539KB
- MD5
  
  bfccd9383a458f978090f4f8dd54f6ef
- SHA1
  
  cee9b3893a93446e5d4f9466408c472e14aa9438
- SHA256
  
  3419a06ffd8bf5fce906ea553d0d6591d7a90ba7301541331c0d380e072bc7e4
- SHA512
  
  ab68298664b2f5fe7f7a5b2c33452dcd170603d8ae74648dc390cf21dd12ae2c927140df635af301388474a4d1f4040f3f475db1d5ec1b601e73e420405a7643
- SSDEEP
  
  12288:EyGwLs78GJUndM5/zobglKwM/W5pKg/+VnSXhu5:9GwO8GJUndM50bglZM/W5pqSxu
Score

1^/10
behavioral27
- Target
  
  xw/Plugins/WebCam.dll
- Size
  
  209KB
- MD5
  
  e35f3b277027fc5f1206f45d49bd8690
- SHA1
  
  84ff7a255a6125e5db26ee30224355c9f78a1132
- SHA256
  
  cf4cc0a8559162b17fd3c2f99b272da6145c9a5afed527547e682e5fb33dabc2
- SHA512
  
  5cb7b61450250b5d1022eafbe64c98d9e7e40744b577e8ba1f2a6b814df09fa56f4ccc542cb2dadaa51f9942b15a5485a0f30033ed73628796331f0e2e5474b1
- SSDEEP
  
  3072:ar2hWR/jKGR5BfF/g50PBgakLA3LC2FY+EdzYZHAx+dqRN51hdJFxtZV9l5hhJxL:aE+22fFcgBgakL320zYZHpMXM/fWzx
Score

1^/10
behavioral28
- Target
  
  xw/SimpleObfuscator.dll
- Size
  
  1.4MB
- MD5
  
  9043d712208178c33ba8e942834ce457
- SHA1
  
  e0fa5c730bf127a33348f5d2a5673260ae3719d1
- SHA256
  
  b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c
- SHA512
  
  dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65
- SSDEEP
  
  24576:FDy7cKOfkiRrXP5WtJvW1mpjSWr7uoZme1V86:+8/AtJes1LJ
Score

1^/10
behavioral29
- Target
  
  xw/XWorm V3.0- Crk by glfw5.exe
- Size
  
  7.0MB
- MD5
  
  76e3196ac333652949245575450ee30b
- SHA1
  
  16325f4b6ceb5b8378b91ce97611505260ce94dd
- SHA256
  
  3b1b48fad0c2c13a7253e0fad3764a2567bacc36078bbd1e6f297ff0fdf49ac2
- SHA512
  
  5e3415f224199a61ae3dd26b579ef986e7747b3b72041356ad649f60e03202c8131299aa0dd47a77899e315c8c0ddb76922c9a7c69270aa621abca6ac6205ff7
- SSDEEP
  
  196608:WI2GrDiXxRkLZvaU6ScXc4sqgCzlMNxKa+M9:WI7s4vKSoiqgASNUP
Score

1^/10
behavioral30
- Target
  
  xw/build.exe
- Size
  
  536KB
- MD5
  
  8fcce8b5f248b8dcc87748f6bd5c5826
- SHA1
  
  5b1cfd6d6a771bcc8343cac60f6f14c6b22e1336
- SHA256
  
  772eb622cb13a716b023acb5343b863ddd24d9c45be8189ea011ba4fdba911bd
- SHA512
  
  24078f4705ad0c58e3244d844e90e7f1a8e54d8bfcf57b2de2ad9ecba622b2625af108a2bbcaf020f3cbf96768194110a6adf0f1a86064766232245db6ae6ad5
- SSDEEP
  
  12288:z1a7kKdZ+f3ONUVLvb8n/Gr4BqkUAZL8IFL5/qYE/bOd:z1anH+rvMUUqkUAV8Qx
Score

10^/10

xworm evasion persistence rat trojan upx
- UAC bypass
  evasion trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Drops startup file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral31

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

UAC bypass

Modifies Installed Components in the registry

Sets file execution options in registry

Drops startup file

Executes dropped EXE

UPX packed file

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31