General

  • Target

    S500 RAT.zip

  • Size

    60.4MB

  • Sample

    231002-n27xhsab3s

  • MD5

    c81e1a780bfe0c0c08cc065c07f9ccf4

  • SHA1

    b6323176ddcc6b1a39ee9d6645ff8423656158b0

  • SHA256

    d5875d4d08dac2c89551c28981c116d428260e9cc8f3de064123922d88dae06f

  • SHA512

    17a497f77457feb2b9c25fa138338e58dbeab21dc263d9f4407f4669d45b05c31ff75b6bc24f27a5387c0e96e3807c804ddda2cd0d1b169d7dbb278625b6f59e

  • SSDEEP

    1572864:ogpmeR1RFRShPdw2L0POYJhtzU9lr7RvVST:HHp2w2GzurFVST

Malware Config

Extracted

Family

xworm

Version

2.2

C2

license-donna.at.ply.gg:55049

Mutex

a91H2xmbhI9aDmQI

Attributes

  • install_file

    USB.exe

aes.plain

Targets

    • Target

      S500 RAT/.peu/New Project 1/src/PebApi.inc

    • Size

      2KB

    • MD5

      1ed2608e8fefbe2b4978a257d456b866

    • SHA1

      134a2608e5f07b8637d44538676e64ffc605a27f

    • SHA256

      075326d282390e14e558adf21ef184e24eff05d6c5a69233219cc48ba751bc3f

    • SHA512

      ff9550cdee02af07909e3a8d5c2192b3b480b96098bc95e0b0d27b50287728d58bd24391ffe1c8620e38f303bd70db4cfce90be872e48e284e632a71f40957aa

    • Score

      1/10

    • Target

      S500 RAT/BouncyCastle.Crypto.dll

    • Size

      2.5MB

    • MD5

      3551343fab213740bbb022e3a6dcf27b

    • SHA1

      de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f

    • SHA256

      5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6

    • SHA512

      e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42

    • SSDEEP

      49152:3CTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0:GwU5d3vhzhmoOmfd5rqX0

    • Score

      1/10

    • Target

      S500 RAT/Compression7zip.dll

    • Size

      40KB

    • MD5

      cbc44e5fc144b9e998b1d98452a87c06

    • SHA1

      b1dd5c67f1e37bf1b40ca5abb031899a09798b1d

    • SHA256

      1c167173ee4f36732bec73ac19fd774b3bd606c8c5d46cd35194093f642b711c

    • SHA512

      38fce2c86225115d7aa19fadb5567fbfee4a75e30a93440d0ae0ca800767ad27e3689de0a9a953f79f5bfa16aba5ad232cad4154889f510b51ef32185f6a4fdc

    • SSDEEP

      768:eGDJdsdPCIxoHXNo2/z/heU/FLlPRnHdytMnRixGpiLuqAdIkUlGAxrID/Pve7E9:tDJdT/9eU/FJZnvBhq7k1Xve72

    • Score

      1/10

    • Target

      S500 RAT/FastColoredTextBox.dll

    • Size

      298KB

    • MD5

      020afdfc4f034027354b9f33fe0900cb

    • SHA1

      cf323c82de0ce24147033008d086a380a9f04868

    • SHA256

      8f9d26773e9a13779c4e1cd498ba484f31d2459df4cdfbb274919c316a8825b0

    • SHA512

      02c97d3361a365396b6eab5d09213330609f37a6f233d86fd7cb9859d1e7622a9d81d2a9201223703f510974d42a97596b16d0945cd34ba1ecd31d3760c68ea8

    • SSDEEP

      6144:Z/P+T2FFt0aWXsA7m25bmxbLampiI/nlsqJLDd5eNrgs:J+TuroVmRlb4IvZeNs

    • Score

      1/10

    • Target

      S500 RAT/Gry73.dll

    • Size

      45KB

    • MD5

      b3d076f3125fa03d8f97a9fef0b42a5e

    • SHA1

      3f4ef3de41a8f3b7adcf79cc031fb4de12265304

    • SHA256

      21f68f41aadfc44c994ef9a4394d910250a4c9e43f4d8c43b3015f5390014819

    • SHA512

      27ab2e34c44a720a6f836d5892dcf1cb426bc20bced7e218799a7d6cf57b5e1e8719e3bb580a5d1be623e91a5e9333298541395d774bf6af4fdeacf855867f13

    • SSDEEP

      768:PX5Ii8RZqHCPLq6vt/3pjsK/ZvT+T84o4snonmeTz6dXJyZ:PX28CDq63pjsKtaT8nXC/TkXJi

    • Score

      1/10

    • Target

      S500 RAT/Guna.UI2.dll

    • Size

      1.9MB

    • MD5

      0f07705bd42d86d77dab085c42775244

    • SHA1

      7e4b5c367183f4753a8d610e353c458c3def3888

    • SHA256

      cf9b66e11506fa431849350c0cb58430a71e5ec943d2db9ef1b2e2302f299443

    • SHA512

      851b1a4c470ee7fe07ce5619c16fd391428585926c5b559694a9e445633ea51ec86c74a3bbf3bce39d943c4bf714dad2fd3c4a4d0703be2333541c79a2ee97f0

    • SSDEEP

      24576:m8Yq6KN2liAVp0j4DuJPbTzcH7DlktjfEzgKxGgcKM8Q3xajfgY236RYgPNsP:drCqfE0KctKM8Qv6RYgPY

    • Score

      1/10

    • Target

      S500 RAT/LiveCharts.Wpf.dll

    • Size

      212KB

    • MD5

      e924f79f0b5f3e79c98477d75831813d

    • SHA1

      64f71e20e1953b13c771d8a8e63549ad6d64216e

    • SHA256

      1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b

    • SHA512

      063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1

    • SSDEEP

      6144:d/vd0eaDQcUc0GkiTV3bkACA3AloBtefVt+aA2xgKPo1zlW1w:vaErjGkiTV3bkACA3AloBtefVt+aAGBF

    • Score

      1/10

    • Target

      S500 RAT/LiveCharts.dll

    • Size

      148KB

    • MD5

      9642899636959b7fc89bf34a8b998a90

    • SHA1

      479a0254d1c9e5565c7d861bb77f54b7eae50c96

    • SHA256

      9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca

    • SHA512

      435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2

    • SSDEEP

      3072:saegvMNVoz3Vlw6/R3z3MV1IdJJGVKWHC2KdxFFT9lzo:VFJlwYMVWY65z

    • Score

      1/10

    • Target

      S500 RAT/MetroFramework.dll

    • Size

      345KB

    • MD5

      34ea7f7d66563f724318e322ff08f4db

    • SHA1

      d0aa8038a92eb43def2fffbbf4114b02636117c5

    • SHA256

      c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49

    • SHA512

      dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148

    • SSDEEP

      6144:M4S7k5hdCpU4YqfkUGz6KpQQZQHDXjNCdOZgLdL5DXBK:M4S7k5hdCEQHP1Zgj

    • Score

      1/10

    • Target

      S500 RAT/Obfuscation.dll

    • Size

      22KB

    • MD5

      0dac4ba4180115bcbafced522b94970a

    • SHA1

      d70457578f3e0db24ecab84323854c7c7a724f61

    • SHA256

      8cb9ede1fd8c60691503b77c3ef52b35881a2555057cb5557341cd8c89e752de

    • SHA512

      b27329c07ed0f671aa109cdd49d2c32d84031dc64a290f9447864aee0975cc0662179f0c684c5feacb6ca7f99b9eb483bbc74a79234c741f69efeff76ad0c87a

    • SSDEEP

      384:KTvtklEbiXejlVExwehhLzb5s5TbRRyLGv4Jv7ZEIbioxY:lEbiSPExZhV4BvQzZE/oxY

    • Score

      1/10

    • Target

      S500 RAT/Plugins/ActiveWindows.dll

    • Size

      27KB

    • MD5

      11667dcbb0c3f4a2cabbb7e749abb8e4

    • SHA1

      aa265341eabf7a2b7f87aff44bcd74cd018fb5f9

    • SHA256

      3b67b9994db3b22a1ffe4c5ac7be974d1470e9892c0ce2fdc4aa1fdce6529f04

    • SHA512

      04c6e179f11866e83d6fc931585e35314496a9df2420f3d10ef007a7f8ede282ae3ba30f704c67dc5f8702a8d7cdf8aca759df6df0d0bac4bfbbc599b5e88ba1

    • SSDEEP

      768:D2uI+GQ6Ztlf/Ws8NXtu8qzDi/NxnTj07Hg9RBZw/Bo:CrFZn98Ndu8qzDi/PnPcHoRBuZo

    • Score

      1/10

    • Target

      S500 RAT/Plugins/Admin.dll

    • Size

      31KB

    • MD5

      fc4a2c1fe09bad3c45b1667dbc5ee1e3

    • SHA1

      c8b48aeebc2701b604519860c8eb58d7d60b0523

    • SHA256

      af2ec6aececa142de44371908980aa041ce3d51e4ccae151fcd86a7db8b2a384

    • SHA512

      dab8dda902d1e05f63a8ac9cb4afae8d204d2d678aa5a9def15495297787df3d75d21ae035cc24a80a7edd5bbd939727aa7feea217c2f4896073956e13b0792d

    • SSDEEP

      768:eRgZyI4Ph/U6d0vZxnrXCzt1tqvlbZQHX477fQtPS5j4p:fB4PzNil164cp

    • Score

      1/10

    • Target

      S500 RAT/Plugins/AntiMalware.dll

    • Size

      29KB

    • MD5

      5597ca467d7b6e8ba3571c4bb052b586

    • SHA1

      375ae43aa132d705c392253fe08139d996a10a31

    • SHA256

      cd7ce00deaca14e500ab16c18164f11483a04b9e9b5ab5c6cdf87df42fefe608

    • SHA512

      c8938c27019ebd1d55502ac66c21a22219f815a11640d3380c00733afa4ae850860d47c3e2a47bbd4651f3267d0d5343f484dcf36653fcde64c12215f615f382

    • SSDEEP

      768:kWJR0JPaDQbRvCYIVkFIY8B1VV123MhsLiYlsU:VJIbRUVJXV0l2ef

    • Score

      1/10

    • Target

      S500 RAT/Plugins/BotsKiller.dll

    • Size

      7KB

    • MD5

      30e2fb2bc2a5860fd32fafb285401ee1

    • SHA1

      57f9f8814bea72c06ca924ec08455b8aac351112

    • SHA256

      44c3d6fb2e8bbc241955524bdaca1b6a90548e8769b9945cee50ba1fb35041ca

    • SHA512

      bfce9a9700d298fded24502775c6508cee31a7e2d65e66bb1a1c9016b1e8e7c173c7f2607e295843afda49aa02070b2e75b60e51b4b3753c4105de87edc6924c

    • SSDEEP

      192:JwOwaWTCJfRyRmvXHMFd2OsOGd/l4oI5/rodYHR6:JwxCJf4ZFwVhb+mW6

    • Score

      1/10

    • Target

      S500 RAT/Plugins/Chat.dll

    • Size

      1.7MB

    • MD5

      88c29a6120e7ffb996ef451cf0b6ac99

    • SHA1

      3388261d1ff706d1adcd28c47cd6e6d7055c7735

    • SHA256

      9b374f56b637d01f1e9c113fc5cebe04515e01e0e5e7a309bf62134a1933f246

    • SHA512

      0d72f7a703b79ca063f31f655468410c710fb866be127ec9b360baa3c6fd7081aeb9da8e2a762f963aea54eff371fa6159ca4a922ef647b2219a29ca195e0193

    • SSDEEP

      49152:2H43LjSHwuDwnI/ZNYF1QrQg+qrR9G1j44W:yQLnIxNYF1QrQg+E9s4X

    • Score

      1/10

    • Target

      S500 RAT/Plugins/Clipboard.dll

    • Size

      28KB

    • MD5

      b0ba61981f5f7b8ec9929e240b81e6be

    • SHA1

      36cac974e67146631bdeb0d89d5602c1b9120c66

    • SHA256

      4ffd6a2c22293204ff1d9ea606d5398ac0286a2ed4a3f251eb0f248bb90ae6de

    • SHA512

      84b228da4074545bd18df46c1dca268069066132d6f7b27a5a62ba9b770402030f4c7fcf73c980565f0b1aa47fb13f0d1fd012e06bb213580fe9bda1a650a8fd

    • SSDEEP

      768:7q23iUSHtiLxhdEvgtEGcJsU21J5+xa7QPXYt24XhdT9m:CHtijO2HZU2bsISI24xdM

    • Score

      1/10

    • Target

      S500 RAT/Plugins/Cmd.dll

    • Size

      29KB

    • MD5

      79da3973167c94db5eb3248d570a059b

    • SHA1

      86eea216c64e84ad1f1189587320eb7c1e2230d9

    • SHA256

      8a87fc821f1c3f6931cb7f908a247fcc2f83ff97b72d95519ad87f924c21b532

    • SHA512

      97174313d64bae3069bfe9cdd226c9f19221c9c0d408b0ba7431d29e78422aec8cb8adfaf1931a653723b9fce40e447a48d411b1684c566d8253356b1ce6da6a

    • SSDEEP

      384:J10x7JfgKLW1DfAZJjCVNuUCTL9lYzUp51n9AsjFeKYSEkzrQ/KJWC+efBTQQN:r2JqBqJjBNpX/jUkmLuJTd

    • Score

      1/10

    • Target

      S500 RAT/Plugins/DotNet.dll

    • Size

      28KB

    • MD5

      7bed5f9fd85dbd250423c7f2e7b0f0f4

    • SHA1

      633b27de3913bb1d6efbe2b32df4663138af2137

    • SHA256

      86b808d7fc05a7c0f81791e19850ab312ce0a8d0c73ab6e57bd759c56fd4e7fb

    • SHA512

      c74224c22b6931ffd11cdbe48d8c83765747e6a27a89ec0f511b128e5e3d1753d80a0116cc14654ddeb0237138a92fdc0392987650c936126384331e5e86de59

    • SSDEEP

      384:J8iguvx9gxoqVzbsJqsUAAYld3wVQd/SplkPLppWNu4oksAzkhojvE0ChR4YooQw:WiBfu0vr6/kPLfWN/oks5SvEfhR4YoM

    • Score

      1/10

    • Target

      S500 RAT/Plugins/File Manager.dll

    • Size

      41KB

    • MD5

      409f91cda95ea16ac662853af480c082

    • SHA1

      8e896a81bbdbec745adf493ebf3ac6c0407476fb

    • SHA256

      d92054c707c046d206b0067a789b822bba65a53fe6052ff174f9d3743053f6c1

    • SHA512

      166ae3ee24ca1c504b6307d68fe7a4440bd2798ab258327b886ba6a7b9d62ce2f5d34ba45cde4be401d5c5888b45da37bd6588a10fc3a6e81a9e2769e24f6f02

    • SSDEEP

      768:+AlPMf7Ob86SpiS2JRLYggY697aabVlDtukF9f:+KMf7t92/LYG6Nuy

    • Score

      1/10

    • Target

      S500 RAT/Plugins/FileManager.dll

    • Size

      44KB

    • MD5

      b2592a810bb96e865490599126ad680b

    • SHA1

      e6a51cff95c22b22c4c5db1630e946d8b183252b

    • SHA256

      d2e40fa9d5e90aeeb179efc057eabaafe62ab347c6123659ba4d954f5b75b056

    • SHA512

      213f2886c48e2a61d84f07d7b05976d6ef1265b15d315dee7bf960477baa7decb946ff7e0fe79fbe0a9e4e59fb9561d6a682dd2aa2869c59eaf5b67d19fec4e7

    • SSDEEP

      768:7Qu6mnSI3CS8n26Maw9TAiKUGIu0ZR8ZuTbvWNNODJSG95xCjNSUM2p:3nZvROwdKFIut4n6w/2p

    • Score

      1/10

    • Target

      S500 RAT/Plugins/HBrowser.dll

    • Size

      49KB

    • MD5

      f8e8db566e4ad2924b8973ea2218f2c6

    • SHA1

      550e9886e568470634bb188d5168b884de8ad533

    • SHA256

      41c6c5a8ebb41572e4903908a23080c1ecd7386ae0131f4fe87f2a8e14df336a

    • SHA512

      8f7d90e5945c7df3b700c88896171b228478d56ee30d92b26e60c52d1bd0fcbdcd8bccfcfeb83d94781b978e8279050107e12bdc75e15b89c31bd31af748c923

    • SSDEEP

      1536:VfZXWU5S35MH8h4EjhFjyUitZobiXSrk/jg:VfZXL5mMwJjhMUumbq2k/jg

    • Score

      1/10

    • Target

      S500 RAT/Plugins/HRDP.dll

    • Size

      37KB

    • MD5

      4f3be09a3f000e5d717d698819311000

    • SHA1

      5e809e1be7858bff5e01adf20565a4985edca219

    • SHA256

      63e05c9a64641ce9ce3620293be5e1cf5d8afe8d91982375f7e466e1450b30a4

    • SHA512

      5a8fa8e0d0bfdbc81b91081bb8789da97a606d267432b4d09e888ef89356ec954057136e590cc7db6be125195c0f2ad1568116f56f47bcd7f581739effc292a8

    • SSDEEP

      768:Bb3CzsCncWFVqOs0wXLAxpR+l9z85Z7gYe2xxSgTlNiIae+EgkbE:BTCQCntT3bwXLAxM10Z75QgTlNiIH+E0

    • Score

      1/10

    • Target

      S500 RAT/Plugins/HVNC.dll

    • Size

      61KB

    • MD5

      720a634bae36d002f4b09121a82416c4

    • SHA1

      7c34ada39645c8d063c6bb62af391e29638a6bac

    • SHA256

      6ec1d49bfa973b66338c934bb8fda569a043dcb6e2227b8ab981b78b487f7f35

    • SHA512

      4f926ad7a5d1d242449fcdc6c8fa8e55cb98adca418b30840e9e2c7da2e1102cd5faaf130e5834622cc55fdb3c6a2efcc9913abf1b1ee913dc78b89fb771801b

    • SSDEEP

      1536:yVqfjO1mo9BnOSqyHUTbZ92DrsZxbCNqDx9HFuLrqQD7fXpLPCsWcx:ysfaA8BjCZ9SqbUqNFELrqipPYi

    • Score

      1/10

    • Target

      S500 RAT/Plugins/Helper.dll

    • Size

      4.9MB

    • MD5

      8223e618f64eaca49051c29a29dda4a1

    • SHA1

      1f580c7a25335d598f4e90f8a959c9e7c945f9da

    • SHA256

      6e64b6d381f2563c2abba6579fd0f25a931064ac2af4504f54b15f7349a36c5f

    • SHA512

      ee513d55d2030b709c4392947b9e89cf855cbdcee17826e1b36d1a9a927a41345035f5799b21c9643aa2e0f801443a03b5b328239ba4724a01f2e77d4e79146c

    • SSDEEP

      98304:d469N4aCilxKh8P82fnQuTmI22YBvYImca1B4IU6ZRxvRbz:FX4aCif/uIEAIna1B44RxvRbz

    • Score

      1/10

    • Target

      S500 RAT/Plugins/HiddenApps.dll

    • Size

      62KB

    • MD5

      1f85a383f7dfd4b2ad5a231f46bf3533

    • SHA1

      2cda68c2949471a4e943de65c0b807b0c3288d75

    • SHA256

      77ec9e338acbcced0cd5fae1556ca26ec8d4c493062d27b19f5760938c99e8a9

    • SHA512

      8b17f93a0205f7ea991e147600c647647c3ab3c04bc73701c78abbc483723d8628fd1551818ea0db5a49be875f033be42fe0e763e15fca39cdfe303bf9797232

    • SSDEEP

      1536:eo3uBLB+Q3rsppzCJWofDmA0wILW/KXRvIHvXBvZ3cjfd:e6uBgzEPkwILW/KBv2FxG

    • Score

      1/10

    • Target

      S500 RAT/Plugins/HiddenProgram.dll

    • Size

      42KB

    • MD5

      e70990638797ad79f862180b9d06b53c

    • SHA1

      927db245fd7ae3680256b3de2182a23f92bd4495

    • SHA256

      15cc6b2862bae083dc2d6b1c160689e1390a2365aeaa6e70a933e968fbb05dfa

    • SHA512

      ba30a39735878d710fc91888c5878c58899e212d9e7faa97602aa945306c6b95351be799141acbf12fba1e81ab1fd6dcddc372229024003011595398aece68bf

    • SSDEEP

      768:9KzzyvoqveS5gxa+cmucfIM3hPnfWpGDmIyAPYrRW2d0Pkrrf8eRiGcYX3:9kywq/as3mL1FfgGDmIyAA1WB5eIGcC3

    • Score

      1/10

    • Target

      S500 RAT/Plugins/IconLib.dll

    • Size

      56KB

    • MD5

      af8154cc71e57761a39743861b244870

    • SHA1

      929150541747ace403732e884d4679831c372a32

    • SHA256

      7804ba869e67a8bd8270461ae75b6d38970c6d855e12f1fea0dfd8713b6f6934

    • SHA512

      0392ef618ea7e92ff8075a30df7097b9aed6ec697cc33ab6db8d67d3d856c5d6531b0f548f1e6ac57788e5e7662729fdbf44f6f5575052f05742dce25654fecf

    • SSDEEP

      1536:PM4Yb9YM9LQz8h9YOzJdRebvvuln+EaJswp9YZaiybm:Payy0UNtebXuxed9fiyS

    • Score

      1/10

    • Target

      S500 RAT/Plugins/Information.dll

    • Size

      33KB

    • MD5

      9563e173e7c61139d9f4d7c2aaba94f1

    • SHA1

      0f5d749f79ed3a4de4d6962530ec98165b0ec92e

    • SHA256

      ad9b98e78f8587c15e4464a80554aa714f591f4da203bca1b08aa2aeb12ab3c8

    • SHA512

      54e5853fdc3d98835ebc1ecf2981187c2397460c400cb965b2d7ed039e37c5a8ca5a0c1cc30f321b2a76e6d0407d5b7be73ed945ace59213ed1c811b4006f287

    • SSDEEP

      768:P/aBkFWaIW3m41SZD/a1XvgKAKmSRXAzBArGHSpec61T2z:XaqZIS1S9SyKAKrhAOryY

    • Score

      1/10

    • Target

      S500 RAT/Plugins/Installedsoftwares.dll

    • Size

      28KB

    • MD5

      6b20c7f7fa597e22e2bb592e82997672

    • SHA1

      a414507b7cc5fc0bf234a41c9688745f4401af6a

    • SHA256

      a44723ca98059a803723e8830eb6424fcb3a2237026138560bd64f8864343c1d

    • SHA512

      7372394cd38efeb171c73d32c0f03785822c3cfdba2b2720aae6181705bdc6e6c0c80effaa444686588f334294ac9e262015b931c076cea04a94682b4fb73d10

    • SSDEEP

      768:jEaIhpiKJP2WcFfJ5xnFqK0heZuGRjTpIUdj:jbI3imFaHxnG45lIkj

    • Score

      1/10

    • Target

      S500 RAT/S500RAT.exe

    • Size

      21.3MB

    • MD5

      d6967d80ed4a22c8dfa436f0a8f9d6f4

    • SHA1

      a809829519b1d789e4d02ac104daaf4047bb6380

    • SHA256

      1a9f1362704fb9aeda9079e2815bfeb6acd4a15cc5fdef78d2afeef2ff6fdf3b

    • SHA512

      bd31c7597f65c62374577694c8b394f7b0e8fd45bb8142ec58313d7f6afa35b956d1163bba64a405644029d08d5764dd3f2222723db33209cd69cd70c711ddd6

    • SSDEEP

      393216:1/dQeve921Fkv09cHJZwGn5GkPVtGhyyepDoSYYD4WchJ2sphHJGGA3Gj4wKPnjj:11/LFkvPHJZwGn5dChyRpchNBJGJ3NL

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      S500 RAT/ServerRegistrationManager.exe

    • Size

      16.7MB

    • MD5

      aa2fc72b58059e5e7e9e7003ab466322

    • SHA1

      e171576589134431baccb40d308e7dcbc776e087

    • SHA256

      f107c0f275bd1c773e1ff2d78b60a4060b8353b02f45d3892968206fedffdf88

    • SHA512

      26d69ad0d3f41bf08585307595e1d670c7d7905e1f86a566a36d9b0c836d3b349a6349e1f2885d433d35bd111f95ce004ae34e81443f96b73e784db3594e3eef

    • SSDEEP

      196608:Dh0y2MuVNz+KorG0y2MuVNz+Kk0y2MuVNz+KN0y2MuVNz+KLiQB7Z0/slzLI:ddQVNIGdQVNAdQVNRdQVNfBd+2L

    • Score

      7/10

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Target

      S500 RAT/lz4.AnyCPU.loader.dll

    • Size

      985KB

    • MD5

      c42e778fcd5838b83704a6ddabb60c39

    • SHA1

      d47ee0ebbdc412badfb373207aec889798790a93

    • SHA256

      6f327812dd62cebbd8ab20b58b0fd3150800199e45b87c0fc8aa569ca7c27e69

    • SHA512

      12bc07cfdb826475e66e5a1a3ff6b265baa50e840191cb027146de8d17a0001163b9678e3f7723cdfabaa7b3f93dcca81be86d9c90eb9f266ddd3819a2357101

    • SSDEEP

      24576:wc2OYBjTIRL0Q+jDWi8IO6Lls0Uh/z5TyF0Nqxa7+s4EeL4pT:wjjTIRL0Q+jDWi8IO6Lls0Uh/z5TyF0R

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

agilenet
Score
7/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

xworm, agilenet, evasion, rat, themida, trojan, upx
Score
10/10

behavioral31

agilenet
Score
7/10

behavioral32

Score
1/10