Overview

overview

10

Static

static

10

XWorm-RAT-...in.zip

windows11-21h2-x64

1

XWorm-RAT-...er.exe

windows11-21h2-x64

10

XWorm-RAT-...ox.dll

windows11-21h2-x64

1

XWorm-RAT-...er.bat

windows11-21h2-x64

5

XWorm-RAT-...I2.dll

windows11-21h2-x64

1

XWorm-RAT-...io.dll

windows11-21h2-x64

1

XWorm-RAT-...ip.dll

windows11-21h2-x64

1

XWorm-RAT-...ws.dll

windows11-21h2-x64

1

XWorm-RAT-...AC.dll

windows11-21h2-x64

1

XWorm-RAT-...OD.dll

windows11-21h2-x64

1

XWorm-RAT-...en.dll

windows11-21h2-x64

1

XWorm-RAT-...ks.dll

windows11-21h2-x64

1

XWorm-RAT-...ot.dll

windows11-21h2-x64

1

XWorm-RAT-...at.dll

windows11-21h2-x64

1

XWorm-RAT-...um.dll

windows11-21h2-x64

1

XWorm-RAT-...rd.dll

windows11-21h2-x64

1

XWorm-RAT-...er.dll

windows11-21h2-x64

1

XWorm-RAT-...ss.dll

windows11-21h2-x64

1

XWorm-RAT-...ts.dll

windows11-21h2-x64

1

XWorm-RAT-...ts.dll

windows11-21h2-x64

1

XWorm-RAT-...WD.dll

windows11-21h2-x64

1

XWorm-RAT-...ns.dll

windows11-21h2-x64

1

XWorm-RAT-...WD.dll

windows11-21h2-x64

1

XWorm-RAT-...il.dll

windows11-21h2-x64

1

XWorm-RAT-...er.dll

windows11-21h2-x64

1

XWorm-RAT-...er.dll

windows11-21h2-x64

1

XWorm-RAT-...la.dll

windows11-21h2-x64

1

XWorm-RAT-...DP.dll

windows11-21h2-x64

1

XWorm-RAT-...NC.dll

windows11-21h2-x64

1

XWorm-RAT-...fo.dll

windows11-21h2-x64

1

XWorm-RAT-...nd.png

windows11-21h2-x64

3

XWorm-RAT-...er.php

windows11-21h2-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/03/2024, 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm-RAT-V2.1-main/XWorm RAT V2.1/Fixer.bat

  • Size

    122B

  • MD5

    2dabc46ce85aaff29f22cd74ec074f86

  • SHA1

    208ae3e48d67b94cc8be7bbfd9341d373fa8a730

  • SHA256

    a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55

  • SHA512

    6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Fixer.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3660
    • C:\Windows\system32\lodctr.exe
      lodctr /r
      2⤵
      • Drops file in System32 directory
      PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\perfc009.dat
    Filesize

    35KB

    MD5

    7f41bddfccdfe4a298b0bfcf14a20836

    SHA1

    8acacdd3503c65fb2ddc4fbb9f41811ae8550276

    SHA256

    446d064235ee69494d5797e01e4039eca0a026c9b801cacf0670334104eedbbb

    SHA512

    bb984e7660899c293eb3e8c14156cee5237e0cd2b0ada7b03c850f027a08d728fe8774f7a377e911ed54bd788ac5c88fd6e24b41fda6d5020dc6fae0e4980c85

    Download Submit

  • C:\Windows\System32\perfh009.dat
    Filesize

    297KB

    MD5

    50362589add3f92e63c918a06d664416

    SHA1

    e1f96e10fb0f9d3bec9ea89f07f97811ccc78182

    SHA256

    9a60acb9d0cb67b40154feb3ff45119f122301ee059798c87a02cc0c23e2ffce

    SHA512

    e21404bc7a5708ab1f4bd1df5baff4302bc31ac894d0940a38b8967b40aac46c2b3e51566d6410e66c4e867e1d8a88489adccf8bdcaec682e9ddabc0dac64468

    Download Submit