General
-
Target
XWorm V5.1.zip
-
Size
29.7MB
-
Sample
240326-rl67tsca56
-
MD5
b2a6c59063aebe1924295be7f1476ef8
-
SHA1
3cc6620ed1f1a25ef98f47f35aa5ff583bfbdeda
-
SHA256
9c9777920e8613731a3586cd4ae3e3cd2d497800c3e34a7408897a6f5c56e1a3
-
SHA512
9f8f13b804977f4d3776467a025232e2ba018b4ae72ac06968b31a392fcab25ebc7f79e6587c1db1753a87de55c1d4bf0cc4a3cdbad62a159ab67f724a2225c6
-
SSDEEP
786432:vewOXW8MbxTSU1SG+NmsOtYZ1aAUPjiPz:vUvMTNLumXAl
Static task
static1
Behavioral task
behavioral1
Sample
XWorm V5.1.zip
Resource
win11-20240221-en
Malware Config
Targets
-
-
Target
XWorm V5.1.zip
Score
8/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1