2c839d033e5add685c2e993e032331ad96895d7b221cf2c05e9d74959079eb69 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

XWorm_5.7_...ed.rar

windows10-2004-x64

7

Sharing

General

Target

XWorm_5.7_Edition_Cracked.rar
Size

30.6MB
Sample

240318-3qf2zsce7s
MD5

19bd3c412cb106ee5a0b69d014163115
SHA1

9930f03b8de46e90666408fcacdf49a99407a7c0
SHA256

2c839d033e5add685c2e993e032331ad96895d7b221cf2c05e9d74959079eb69
SHA512

448b434f0e3119707755e70c45f6470e25e89aa9738d60a64c9efdd6ba48c82fa77660e0b005d3a030c6c1e23cb928e0918c011fcfb38b7e52d6e8c4771ec2dd
SSDEEP

786432:rHKCyls5gf+p2FO2AfvwQEA1E9vbFSxWxcH2s1:rHLgGYtUvwQ69jFSxWgF

Score

7^/10

spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

XWorm_5.7_Edition_Cracked.rar

Resource

win10v2004-20240226-en

spyware stealer upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  XWorm_5.7_Edition_Cracked.rar
- Size
  
  30.6MB
- MD5
  
  19bd3c412cb106ee5a0b69d014163115
- SHA1
  
  9930f03b8de46e90666408fcacdf49a99407a7c0
- SHA256
  
  2c839d033e5add685c2e993e032331ad96895d7b221cf2c05e9d74959079eb69
- SHA512
  
  448b434f0e3119707755e70c45f6470e25e89aa9738d60a64c9efdd6ba48c82fa77660e0b005d3a030c6c1e23cb928e0918c011fcfb38b7e52d6e8c4771ec2dd
- SSDEEP
  
  786432:rHKCyls5gf+p2FO2AfvwQEA1E9vbFSxWxcH2s1:rHLgGYtUvwQ69jFSxWgF
Score

7^/10

spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

© 2018-2025

Terms | Privacy