xworm

Sharing

Copy URL

Twitter E-mail

General

Target

CraxsRatv6.7-Cleaned-Fixed.7z
Size

302.6MB
Sample

231014-me8d4acc6x
MD5

bddf04a78f721d0c65292508aebed3d2
SHA1

d960a2545712aac6bb5ac4c15467f4cafec5437b
SHA256

85dff73e54d9a0d0ccee788a3d4ef155a2a7d37ab9fb7a175723559d59b47cfa
SHA512

2667ffb705343b54b90506b1f6bafc9d72ccea8ac7a58b86a5e3a0b8bf4646002987e250ab8ff2ef79e6923146e67591dbe6e1195ca045a4c7034ac8382371c6
SSDEEP

6291456:paOdmRp4VFNeAf2aOI3ql/nYToTjkwWrhP2h8tb6EL:pZdHevI4jihqI

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

us1.localto.net:38447

Attributes

Install_directory
%AppData%
install_file
svchost.exe
telegram
https://api.telegram.org/bot6580247653:AAFPWxkGtgC3Ro7400iFKADbYKphxrFz6EA/sendMessage?chat_id=1602502747

Targets

- Target
  
  CraxsRat Fixer.exe
- Size
  
  59.6MB
- MD5
  
  6d5ab8518cdfc5d180f20d0feeae27ed
- SHA1
  
  bb914d20bc4fdee6edd7cb4f67782570fd0f5f2d
- SHA256
  
  bfdef0348f59d57ae5c448b165ea63762049528e81134e3d6ceaac60cf910ff1
- SHA512
  
  41bb6ec8ad0c1b62b98eaac67b0d34789b482975d77acd2b8db86f76a4dd88317fd59cdf87403436039b0f62b4b139947c79862728494a42074299783334ce59
- SSDEEP
  
  1572864:FrxHmiUr0jS/dx7XKIlhKvZ3lM/D0vLGRo+aL:FJVUAYdVXTlAxVM/D0vLgmL
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  DefenderRemover.exe
- Size
  
  664KB
- MD5
  
  7a3e43c2971746c84d32f8a448823673
- SHA1
  
  08b75724c68f25ac831ba2c7508f18bf3a398c9f
- SHA256
  
  c7bdcebe60356900dc4b4f8bc8b75acc1536df33ae7a1049bfa27192b8c62d0a
- SHA512
  
  702ea07e5377387cf938554c8fab55847cc72e06997f318099940db2b0af7d06acf326be3699569b65a9a265e617cab13c2930614bc3a0cb2e02ee82fd79c8f5
- SSDEEP
  
  12288:u1OgLda0ZjpVxCSDrqzU7rOv/O6/NH90u9KIyburq6fAdAYmyw:u1OYdaypVxCiIO6/LXEYr8dAByw
Score

1^/10
behavioral2
- Target
  
  DrakeUI.Framework.dll
- Size
  
  1.6MB
- MD5
  
  0562b4c97f643306df491a938ae636da
- SHA1
  
  0807c37b711374ed4814a9518c9e264517de89a0
- SHA256
  
  70e72477f7fe0018e043ce8fe2228a289459058ee41caecd6f05855898bc5b80
- SHA512
  
  c969cd274b6bf65a34f1d129b6531616a3485a1f153088609ad2369d380fdec37c3e88a423495912715a26e353dd5498f7f9e73c895e9f3f18fc7d1e65d2ecaf
- SSDEEP
  
  24576:nYyUyUxws47SDJ+wfa3ZsacYwzhmT5LOMobxqFFnM9Pv1w+Fus:nYyUyUueD001YwzhmVSMoNqFF
Score

1^/10
behavioral3
- Target
  
  EV.dll
- Size
  
  2.2MB
- MD5
  
  559f1a94d4fadbe42745200c5deeb94c
- SHA1
  
  606e336a95c22d0a5bd260af68a3321a284a7270
- SHA256
  
  52cf690f3436c9e98a2ab13e2871ca95da72c34ea5dd36d5c52ecccfa78b5696
- SHA512
  
  49b85d97f32322cac68c811c7f0268b6d0a71f2dc4428281d724aab0355544da4b33aebffe72e5b92d0b024e40c29392bade4eec2f00c98a46a44eb3e1e547fa
- SSDEEP
  
  49152:eX8t9RJHZ9rXOjClE3xNP8AHn9yHyS4LdR1eFcDmoFwHqM9iJ4YI:eMttZVOG237PwSS4BfZDmCwKMs1
Score

1^/10
behavioral4
- Target
  
  EV64.dll
- Size
  
  4.3MB
- MD5
  
  21184c4444b13c67546c7acf7f6ad8e3
- SHA1
  
  806fb111900a0ec8bee1f658c6828b9e005f1111
- SHA256
  
  14f61c269509eb27083883d5e8edcf9ed14f3b62cfbfb69f4f7434d64a7fa924
- SHA512
  
  9c55f71051f7c83d8644c7eaf500a5ea887aa75886480fcb607e3540f482afde0cc11396e3c2be936bd6418ce76a752132391c97b2620927a9a694eee99380eb
- SSDEEP
  
  98304:1JArZsVn2qEP6Z5AF8qRHNKs9KtEXMURNZpe5:o0tkY5sHh9FMURN
Score

1^/10
behavioral5
- Target
  
  GeoIPCitys.dll
- Size
  
  191KB
- MD5
  
  c070f2421851420e832e4f5989a775a2
- SHA1
  
  d6af3c48ffbe0fa1e0e54860836d3bbf374b8b46
- SHA256
  
  d54fd6c5903eea49a75d620d4ba232f8effb1863f5f9c974e4ac0a8fb1904131
- SHA512
  
  75c3edeb4c16d8e82eedc5595b9c3fde4cbd4a3e9deae1967ad513474920a48e4e9275fdc76f44032b1be570a4ece1a6393c4680af8989f67bcdec039d06798e
- SSDEEP
  
  3072:87IcHKc0TwY4O6BlLiJxTmd9h1+fJ5uJnjpUoh/ht21hYvpMaoySJHPc8E:8dHV0Tn4pox6d9G4k
Score

1^/10
behavioral6
- Target
  
  HVMRun64.dll
- Size
  
  4.3MB
- MD5
  
  21184c4444b13c67546c7acf7f6ad8e3
- SHA1
  
  806fb111900a0ec8bee1f658c6828b9e005f1111
- SHA256
  
  14f61c269509eb27083883d5e8edcf9ed14f3b62cfbfb69f4f7434d64a7fa924
- SHA512
  
  9c55f71051f7c83d8644c7eaf500a5ea887aa75886480fcb607e3540f482afde0cc11396e3c2be936bd6418ce76a752132391c97b2620927a9a694eee99380eb
- SSDEEP
  
  98304:1JArZsVn2qEP6Z5AF8qRHNKs9KtEXMURNZpe5:o0tkY5sHh9FMURN
Score

1^/10
behavioral7
- Target
  
  HVMRuntm.dll
- Size
  
  2.2MB
- MD5
  
  559f1a94d4fadbe42745200c5deeb94c
- SHA1
  
  606e336a95c22d0a5bd260af68a3321a284a7270
- SHA256
  
  52cf690f3436c9e98a2ab13e2871ca95da72c34ea5dd36d5c52ecccfa78b5696
- SHA512
  
  49b85d97f32322cac68c811c7f0268b6d0a71f2dc4428281d724aab0355544da4b33aebffe72e5b92d0b024e40c29392bade4eec2f00c98a46a44eb3e1e547fa
- SSDEEP
  
  49152:eX8t9RJHZ9rXOjClE3xNP8AHn9yHyS4LdR1eFcDmoFwHqM9iJ4YI:eMttZVOG237PwSS4BfZDmCwKMs1
Score

1^/10
behavioral8
- Target
  
  LiveCharts.MAPS.dll
- Size
  
  53KB
- MD5
  
  dfee15e4c6efa37e6645d8b47c8581e0
- SHA1
  
  876140e0855fcd15bfb590431fb7b280d1db4a21
- SHA256
  
  5b8a9a04f454a2c4da5989fa454a0138d3e5c40712816600f90111b7bf045c40
- SHA512
  
  4d0e7b0a5642b649c04e54d89e707ec00e79a0fa282eac19b6097b819652045c3e157763b5b2922a4c2252b0877059ef90eb60038280dbfbef9502f421d739df
- SSDEEP
  
  768:r4gOx89xKERw2U11HI+bZO603JLw8MOrNNLSW5/5xTcb2y1ehVHp:rPKB22HIwwFNuC5N6n+VHp
Score

1^/10
behavioral9
- Target
  
  LiveCharts.WinForms.dll
- Size
  
  19KB
- MD5
  
  76c775d09b24798f6923452e920979b5
- SHA1
  
  3fe2c79512a0d1153fb07f6640b27106c90d333e
- SHA256
  
  a5b61c1726304e6b72e09a0f35ddbf52f89a75a4e28e6ed098c8d1df6081b4ad
- SHA512
  
  eacc093f8ac9401f617df7e07fd68a8a0f1f03aa150283de67ad8c338fcb1520b0f07335547cf533a646ff95f239c92b029f952a706e736bcd9508817c9be0f9
- SSDEEP
  
  384:F5gNA4m0NkdPbJfGZLifwdNqF8vLvTjzHEhZFUPOxFBVGquJpQ76RqMm:F5gNnrNklJfGZLiAw27jrEhZFyYMm
Score

1^/10
behavioral10
- Target
  
  LiveCharts.Wpf.dll
- Size
  
  212KB
- MD5
  
  e924f79f0b5f3e79c98477d75831813d
- SHA1
  
  64f71e20e1953b13c771d8a8e63549ad6d64216e
- SHA256
  
  1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b
- SHA512
  
  063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1
- SSDEEP
  
  6144:d/vd0eaDQcUc0GkiTV3bkACA3AloBtefVt+aA2xgKPo1zlW1w:vaErjGkiTV3bkACA3AloBtefVt+aAGBF
Score

1^/10
behavioral11
- Target
  
  LiveCharts.dll
- Size
  
  148KB
- MD5
  
  9642899636959b7fc89bf34a8b998a90
- SHA1
  
  479a0254d1c9e5565c7d861bb77f54b7eae50c96
- SHA256
  
  9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca
- SHA512
  
  435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2
- SSDEEP
  
  3072:saegvMNVoz3Vlw6/R3z3MV1IdJJGVKWHC2KdxFFT9lzo:VFJlwYMVWY65z
Score

1^/10
behavioral12
- Target
  
  NAudio.dll
- Size
  
  498KB
- MD5
  
  6ca17abccae3050f391401b2955f9333
- SHA1
  
  0975b039a793accb58130d6639262cd291d80d5d
- SHA256
  
  3ad5d09b4c8c3146d15955a564a9f1a57d7c795b189a25c6f722a738d95ef89c
- SHA512
  
  c08f366aae9baf0e7762f47a2f79d0dee5187a1d7631e5838590b7c12911bdeb6247e0ff860ade36e04f1d6717f919ad98df6d3a1a556bff4b8994db9616ccec
- SSDEEP
  
  12288:MnXnae2TPlr3zvzar5oRDaw92wP6mai9gs6C:K8lrT+r5ADakP4i9gs
Score

1^/10
behavioral13
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral14
- Target
  
  System.IO.Compression.ZipFile.dll
- Size
  
  24KB
- MD5
  
  dcda916372128f13ada8b07026c1b3e7
- SHA1
  
  99d6c187de8510206a93d2eed9c65e65e0c86e72
- SHA256
  
  b5c12e9099643e2eda9b49edd0d98bdaed153c72a7e8e6235d8e78714402d16a
- SHA512
  
  d66de5d61cf7090ce2e11ca8064723a44c2fdbd7ed937f1cf4198ebe13083037941b816ad9022d332bbb853666785600fa8b1faca94c498d2f82de73fe1e42f9
- SSDEEP
  
  384:dK8Y54xRiW3mWeW+mWE3rq0GftpBj52ERHRN7dldBopPI:dKfemqiuEBHoa
Score

1^/10
behavioral15
- Target
  
  WinMM.Net.dll
- Size
  
  43KB
- MD5
  
  d4b80052c7b4093e10ce1f40ce74f707
- SHA1
  
  2494a38f1c0d3a0aa9b31cf0650337cacc655697
- SHA256
  
  59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46
- SHA512
  
  3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450
- SSDEEP
  
  768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv
Score

1^/10
behavioral16
- Target
  
  condef/Defender_Settings.vbs
- Size
  
  313B
- MD5
  
  b0bf0a477bcca312021177572311e666
- SHA1
  
  ea77332d7779938ae8e92ad35d6dea4f4be37a92
- SHA256
  
  af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9
- SHA512
  
  09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8
Score

1^/10
behavioral17
- Target
  
  condef/dControl.exe
- Size
  
  447KB
- MD5
  
  58008524a6473bdf86c1040a9a9e39c3
- SHA1
  
  cb704d2e8df80fd3500a5b817966dc262d80ddb8
- SHA256
  
  1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
- SHA512
  
  8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
- SSDEEP
  
  6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral18
- Target
  
  res/Lib/7z.dll
- Size
  
  1.2MB
- MD5
  
  34738b1b326c7f65d365a5b33e045662
- SHA1
  
  54f86f6d3b5d96584d6d2a76023f3522e09706fe
- SHA256
  
  4d61796b499a4177b03e8e36778ec57293bebbf26412c69e19d3248602a2bb8a
- SHA512
  
  134faa16f9913d4cfdfb8efdc9cdda6ff6907016e0f46e3f72792cbc183a688fab0484f251efa562639a75582e380b099481d79d6324e5aded0a8041492414ce
- SSDEEP
  
  24576:XXm+ENgUCp+R3RuC2HhS6yR1xF2rH8W7f3z9L/SDidq2:HX7cRuC2Q6S36DJuKq
Score

3^/10
behavioral19
- Target
  
  res/Lib/7z.exe
- Size
  
  329KB
- MD5
  
  453821572a13cc6ea0736f9db6424e13
- SHA1
  
  5f994bde8db4b658781756eaaca9416909a3a420
- SHA256
  
  b8c3871a5d6a473a2e9d08684a481aea7467a97d0a433cf55b127323ef61218f
- SHA512
  
  22468064ae306037d2b241e8a985ad5b037b45f6873e364f46d8066018533993e66834288227ae86e94e23511386f0afcf52776060b17dad11dfba4bc333b07a
- SSDEEP
  
  6144:qnzsyDn7PDS+FDflUjvJUkbEOyF1rOpsuCOuOff5kYF/lTRHA:q377SKfgvqkbFyFJC5RzH
Score

1^/10
behavioral20
- Target
  
  res/Lib/ApkEditor.jar
- Size
  
  2.9MB
- MD5
  
  2a86a4e2a358bdef45ebdb9b1ad217b6
- SHA1
  
  6f1474287e6e6f4b1264e48eda8b88dfb7b7a47f
- SHA256
  
  6bcda26492a031fc63b0d0f7b6b4590ef5017cdecc134ee9768521b03833fe00
- SHA512
  
  1e4eec08a13e72567bd2e565ddf08a17d098e470280a057c8d4c31cfd501482fe7e381364f456a31cad1b0dae69e85140111e776bbd4b95c0a450d7d7f82baa0
- SSDEEP
  
  49152:R5DHKV0tkwisQD+Dt+C4e/4sLbTJ8Jxi18ZqByspA7P41Mwsw3Ga:Lz00tkw9Qa+BegsLbS3ksP4Nn3h
Score

1^/10
behavioral21
- Target
  
  res/Lib/aapt.exe
- Size
  
  1.6MB
- MD5
  
  80f136b0642bbc25c7578e0d24d4673b
- SHA1
  
  883596e63700c45ab0d4d880b883f687f65c2457
- SHA256
  
  aa18b5646881ff3b8ca9879045a1b4a44e2d5b24fbe14486fc8236789de8237a
- SHA512
  
  4a95ac6b8d6252b68ccc842e8dd36056d5b0a773a86d4a8234f39cc2195ccec06fc64954655956447dfc27896720c92f8dfa4a39c2bb568c21fcc588723d86fc
- SSDEEP
  
  49152:XPNjtbkZdmFxzKyfMKiTYQ0QQQKXQQQQQQQf0Qw:/NjtQZ8Pf1
Score

1^/10
behavioral22
- Target
  
  res/Lib/apksigner.jar
- Size
  
  968KB
- MD5
  
  16c82bdd120d4b5803deafd3550afa5f
- SHA1
  
  c1e0626fe98fdbe2f1d483f99664ec957f44f891
- SHA256
  
  ba13fc4122f3c8ef23eed76e13792b033fd0506de90ec3ff1e5773e383eb6f15
- SHA512
  
  9918a24392d397a64f39489dba1c73b1576ff1e6bc2c302f3fd7bb037b9f42f620ee90c12ebb625e927543e3163fbc47bcf99c93fde6deb0b9376e171f792bea
- SSDEEP
  
  24576:5hCPzWIgo1IhgOBAxoBSTNDGbe48+mrmCJprmhBK5I:5hCbW6jAAks7R6OohBK5I
Score

1^/10
behavioral23
- Target
  
  res/Lib/apktool.jar
- Size
  
  19.1MB
- MD5
  
  361f0c97e34aa93c7c1d8aa3e4828f69
- SHA1
  
  f19cead377b1db01b2c7e1348aebb40e071ec548
- SHA256
  
  bc2b9a87ac5a86905b6ca343c21a0db3bc37bdd51154bc9cdf65523d95895d34
- SHA512
  
  3cab65fe5cdbcc072f486281cbc1efde84eb0ecb5db52bd633c07640bf3f09fb79861df303e9c569f1399aa307226545ff0973039c31c3934a70890c6af5f48e
- SSDEEP
  
  393216:CkyM3Zw9Rt5P66rAHKFNn514GWU/zgY6tKJzlWhkvOS4eSa:CHoA5AKF7zR/t6tKF+iSa
Score

1^/10
behavioral24
- Target
  
  res/Lib/junk.smali
- Size
  
  566KB
- MD5
  
  07daa56c012827a2ca40b03e8d3823c6
- SHA1
  
  484e0da731ccf4da4e7a52a73c53f70bbb0e1b21
- SHA256
  
  d7afac3ee30c639badcbc6b75a9a95222a6e519d53635a4c398fedc7546f4c56
- SHA512
  
  29b6879655eb818ec65cb16927a8f2d36a4384a55fb63dbe8de349430ff63757309dda5eaef20ddf43acab6806260c9723da540a86743616e8993edb1532fe4d
- SSDEEP
  
  12288:VilFY7VZ8EuJeio/CgCPK28VB081Em7zhZGIklwkLyXbWQs:gn
Score

1^/10
behavioral25
- Target
  
  res/Lib/libaapt2_jni.dll
- Size
  
  4.5MB
- MD5
  
  e84804160656ee1f7038a7a6fc1da82a
- SHA1
  
  05b1f548c81cfd6e61e5828db80511ffb8df690d
- SHA256
  
  a439a9bc2981c5f11a2bb75578f66f2b5b6afa328af05f8139321ddfe8322fad
- SHA512
  
  ee2780d87bb801ef02f82427aecf0de2c7c496dbd4024edc5ca8d1db393c669b3cb6e263470b38811d905f0bdc7a9f3649d467082e1135710837add13fcddeae
- SSDEEP
  
  49152:pqwBh9NbCoGOf3hglVHqyl47Gjt97AQTUVC2q7VgMbryS41CELpm1fUJ65PI6aPA:pUoGOPavHqyv7qaYCYCp
Score

1^/10
behavioral26
- Target
  
  res/Lib/libwinpthread-1.dll
- Size
  
  76KB
- MD5
  
  89c36848e4e5b4b1f38d54ce286f8c77
- SHA1
  
  91bcff0258201826a77615bdad7d7315b0885af4
- SHA256
  
  3f41452eb1e3aac78fd29e83a530154ff8ae66f2e70a9d54b92ed49b57cdf2fe
- SHA512
  
  dde9b72c1396cfdcc74a22989cc10e367cd03b9abee474d647272f6c8e8aa2a6b868804c335bc2773a5e3ba66dd390e7dabe78344b5839c06315b04cc62a5a2d
- SSDEEP
  
  1536:dj+7MrgyymQhXeVt3UcffVrl9jETRopN655HhUoEi1zuRvwHd541wQ04Mim3YCgb:dj0MrMmL30TuauRvw921wQ0Pim3YCgma
Score

1^/10
behavioral27
- Target
  
  res/Plugins/Android/gen-2.pl
- Size
  
  4KB
- MD5
  
  0037f9d6a388db91c980351af4c03b2f
- SHA1
  
  9384a65d636944e42c0e93310dacf68dfe016782
- SHA256
  
  f0326ad672ec2278750232cc920769710972da0594f45641441a4327a555cb8e
- SHA512
  
  6ae67ad4d61ffd437c7b5b6044c6cc2c99b47619e0a7d3338322e3df1181dc66bed393a2466953e5b4eafb8d4b2fd7864e61b04479e74e0ffe1fd8d1cdc6d57e
- SSDEEP
  
  96:2Pm57RfU5dE1Yn8RA9O6vUfXDmzWyPVEjCjpHY0e3/:2O5lw8RAU0UfXalNK0xYD
Score

3^/10
behavioral28
- Target
  
  res/Plugins/Android/gen-3.pl
- Size
  
  5KB
- MD5
  
  a03b010aaedc90001f105b4858a4e8d1
- SHA1
  
  44191d7dfea55cf37b6b14193801c90741ebb8cf
- SHA256
  
  42c8d417fcc509864d08d42ef61a4926a17010abce6c1f06187acd931a9eeaab
- SHA512
  
  8769d8329172a6d95b99056bd0b05ccab41c9b4b9b7efe16f2fb22a3f8acbab98d273a3c6bf2e845934ed58e95a08229f0fe27f78f057ca2c3f2ad547f863145
- SSDEEP
  
  96:2Pm571ukquJN67N72vNx+y/NeFyocWiBhpWKvgnJyC5a4h7Ybt:2OauuhI9/8/X+pRvgnJR5a4h0p
Score

3^/10
behavioral29
- Target
  
  res/Plugins/Android/gen-6.pl
- Size
  
  7KB
- MD5
  
  d324afb827bc0410b7387f2f22d14242
- SHA1
  
  bc8e494e86e41bee2ce2add6d0fe8919656a7102
- SHA256
  
  69572ff59d2f8b428fa2e5fad4c6abfaa78813b889740a0b17c3bf4ff522f2c7
- SHA512
  
  c337ade6028a734922d91e96abf87f889d57ebe825ab0a4c0d927cffb26e38558fc1c3f61ee042f423e639e60637b4b41cd436aebc054df2196868d58bcf428b
- SSDEEP
  
  192:2OkFCNbNbSdOYT7Ax0xrUhmE7OH7Vgpet+gfLTkRQi33o+:2pFCNIdO24gr9EiH7V03gfnkq+
Score

3^/10
behavioral30
- Target
  
  res/Plugins/Android/gen-7.pl
- Size
  
  5KB
- MD5
  
  a9f48543cf1571322f575724a0e8de35
- SHA1
  
  edaaf35c07045f0d0376202700d1d3213e42c246
- SHA256
  
  3a36e9b32c7bee100d590a31b8e622a229c6168e2fcd95dbd9fa934025e6787b
- SHA512
  
  0b7f72c4b68e78f2c73485387a3d6e0d2dc92a2298bf0f737ccf1d4bf508db1e96a164550ed7a3a0a74f99cc89d989e1d28ecd986c4f164a0b22e9760dadadc1
- SSDEEP
  
  96:2Pm57cUV8+pZmIjZ9gZdXarsspyqU0H16DN1kvZFgfqYTfTvPNLMrnSkCXeYH/:2OduEmIj8ZdKrQ0HkzkvZFO31YdCuI/
Score

3^/10
behavioral31
- Target
  
  res/Plugins/Android/gen-8.pl
- Size
  
  4KB
- MD5
  
  767a048eec9220ff6d1434f8a6e6bcff
- SHA1
  
  c328487ea7944dd413e6675065a4f22a8b0835eb
- SHA256
  
  ed866f146cc3cec59e01c9ec18aa62d25590c9f789ec127c4c8d29350970edeb
- SHA512
  
  4bc516c28b4d701153fec415c666f466f21aa095f6ab396cc98f84dadfb20fc60c47a6d6fe52ec43e964bc38fd1ac779e512171c6435f261710f53bdd3e7aa3a
- SSDEEP
  
  96:JK+BK+W8yWwp+sT+YEIjxVuakCSq2z50gcBXfj8dPaQnmeCwKGS4AE9Wq:YAK+DrOfOIV7kx/cd8U5e0rZlq
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

UPX packed file

AutoIT Executable

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32