General
-
Target
XWorm V5.2.exe
-
Size
9.6MB
-
Sample
231121-3p11rshc24
-
MD5
1320b870d468db82ab7530c9f3b9a2de
-
SHA1
1f3789d89649461d5ed29dba8ffbf3ced3e907ee
-
SHA256
7b91bcb0374d99e65d5d741be81d356575cfcd0832c32f35b641723258ac2a28
-
SHA512
1658b98440ba25b17fee7ce610bf0d52b523d02a5f91ce77779a3e535ebf0b79d443145a46487f28fc8ffca2b43e229fabc42f9485e2651e612d71947841a285
-
SSDEEP
196608:tROdkWMB1TCCAaa/f+cUhBLHK1gzaFsKnULGZ3d/VRyDhwymXeexoAxG:tRK2B1CkcDUDLHK18as0mcvow+Ax
Static task
static1
Behavioral task
behavioral1
Sample
XWorm V5.2.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
XWorm V5.2.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
Target
XWorm V5.2.exe
Score 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-