Overview
General

Score: 10
Target: xSpoofer-ReleaseNew2.0.rar
Size: 109.0MB
Sample: 240401-mpqxsscg56
MD5: e0fc7329333f0e0fbd254da085ca2ad8
SHA1: bd008308529302f301964c2ad03704eb65fa4db7
SHA256: 37cfc128f60c2c2ede7ffb2db6b9873480e53ecac6184334a2308df477b65be6
SHA512: c84da0c51fcbe07b359284c7b7b0b30220f22fccef14ccdb92954f180b224e8e14afe32e3325167db6f361eb147773c8f90f4093f5428f71675e5d37062f7b06
SSDEEP: 3145728:bA7F7pGxl3ksxWz/tqiTFgPEK2H5fyK3OqD9Tmcb2LvEBATd79sY:bA7Z4hxWz/oiBgPEK2veETmcywBKdRsY
Static task: static1

Behavioral task: behavioral1
Sample: xSpoofer-ReleaseNew2.0.rar
Resource: win10v2004-20240226-en

Behavioral task: behavioral2
Sample: xSpoofer-ReleaseNew2.0/keys.txt
Resource: win10v2004-20231215-en

Behavioral task: behavioral3
Sample: xSpoofer-ReleaseNew2.0/rjN8rnm5
Resource: win10v2004-20231215-en

Behavioral task: behavioral4
Sample: xSpoofer-ReleaseNew2.0/tools/Fix - Windows 11/1.FixError.bat
Resource: win10v2004-20240226-en

Behavioral task: behavioral5
Sample: xSpoofer-ReleaseNew2.0/tools/Fix - Windows 11/2.FixDriver.bat
Resource: win10v2004-20240226-en

Behavioral task: behavioral6
Sample: xSpoofer-ReleaseNew2.0/tools/Fix - Windows 11/3.FixBios.bat
Resource: win10v2004-20240226-en

Behavioral task: behavioral7
Sample: xSpoofer-ReleaseNew2.0/tools/Visual C++/Visual-C-Runtimes-All-in-One-May-2023.zip
Resource: win10v2004-20240319-en

Behavioral task: behavioral8
Sample: install_all.bat
Resource: win10v2004-20240226-en

Behavioral task: behavioral9
Sample: vcredist2005_x64.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral10
Sample: vcredist2005_x86.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral11
Sample: vcredist2008_x64.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral12
Sample: vcredist2008_x86.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral13
Sample: vcredist2010_x64.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral14
Sample: vcredist2010_x86.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral15
Sample: vcredist2012_x64.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral16
Sample: vcredist2012_x86.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral17
Sample: vcredist2013_x64.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral18
Sample: vcredist2013_x86.exe
Resource: win10v2004-20231215-en

Behavioral task: behavioral19
Sample: vcredist2015_2017_2019_2022_x64.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral20
Sample: vcredist2015_2017_2019_2022_x86.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral21
Sample: xSpoofer-ReleaseNew2.0/tools/Visual C++/วิธีติดตั้ง.txt
Resource: win10v2004-20240226-en

Behavioral task: behavioral22
Sample: xSpoofer-ReleaseNew2.0/tools/dxwebsetup.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral23
Sample: xSpoofer-ReleaseNew2.0/tools/revosetup.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral24
Sample: xSpoofer-ReleaseNew2.0/tools/xspoofer-clean.bat
Resource: win10v2004-20240226-en
Malware Config

Extracted: xworm
210.246.215.82:7000
Install_directory: %ProgramData%
install_file: WindowsNT.exe
Targets

Target: xSpoofer-ReleaseNew2.0.rar
Size: 109.0MB
MD5: e0fc7329333f0e0fbd254da085ca2ad8
SHA1: bd008308529302f301964c2ad03704eb65fa4db7
SHA256: 37cfc128f60c2c2ede7ffb2db6b9873480e53ecac6184334a2308df477b65be6
SHA512: c84da0c51fcbe07b359284c7b7b0b30220f22fccef14ccdb92954f180b224e8e14afe32e3325167db6f361eb147773c8f90f4093f5428f71675e5d37062f7b06
SSDEEP: 3145728:bA7F7pGxl3ksxWz/tqiTFgPEK2H5fyK3OqD9Tmcb2LvEBATd79sY:bA7Z4hxWz/oiBgPEK2veETmcywBKdRsY
Score: 7/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target: xSpoofer-ReleaseNew2.0/keys.txt
Size: 41B
MD5: f730357cc3276e5383ad7e30b3fc9102
SHA1: c41c012f437cf04b14e8b40724406c153fadb31d
SHA256: 6ebd3812c5f2355a3b521b226c0d6111b23f4d61666e4e10b989e64d4dfc0c86
SHA512: ca6de19999243f968038dfb9b0aafa81636ff1655e0c0442fae1c26122830d44ba5f8f6a088cfb2464f77c88ed15a6ea20138e4bf4038b33e65aa82dfb87ba9d
Score: 1/10

Target: xSpoofer-ReleaseNew2.0/rjN8rnm5
Size: 41B
MD5: 9eab77cb455ac5af5ee33f2b58b87c5e
SHA1: 8746ced0cdcc6ccc9ced7f76d602f2099ec498ad
SHA256: 18fc489631a79742394ea3c099b55b1fc02f707b8d6b306c3156a1614963c222
SHA512: 28ecfe4f2df01ee29793522a6882a1644c311a716468549698f5b769b4942399f79ee3c45152f4c780391fff5b2f7cab68df32ff1c4bdd344249d52adfe40e28
Score: 1/10

Target: xSpoofer-ReleaseNew2.0/tools/Fix - Windows 11/1.FixError.bat
Size: 439B
MD5: 1006ae20bb307cb1cba3d9704c0bf7cb
SHA1: 8815859c81434941102d8886107b44644e7e9591
SHA256: 66398f202427e20fc182859c4e21cdcd3b83e7f6412ee2b121a9d109d3d97f03
SHA512: 36b7249b2e7f0ea958c5b9271457577718f08bcebf5756fa9eba9a1d783b0f508e0d37ebbe4c62dfd365f0171d1e3e259614f6f4bf3105d655df7ab8e9d0a446
Score: 9/10
- Modifies boot configuration data using bcdedit
- Executes dropped EXE
- Loads dropped DLL

Target: xSpoofer-ReleaseNew2.0/tools/Fix - Windows 11/2.FixDriver.bat
Size: 317B
MD5: ff370c638e689c78896880418dbb80d6
SHA1: 61180afeb4d5d5e48068fa0d7adbb1822b11769d
SHA256: ada8d5dfe251b0fa0760d9c0d8d1733919c6d072730d49f394fcaf44c0221353
SHA512: 842d096eb5f1897d1970c66850231e2457c9e97433cee73ba3c59691f6379209af89260decf168d4edbcb7ed2edd425dc89b959aebd6cbb03fcc766ddfef6ff1
Score: 1/10

Target: xSpoofer-ReleaseNew2.0/tools/Fix - Windows 11/3.FixBios.bat
Size: 442B
MD5: 0bf665e58712ce11dd65007f89fcb0f0
SHA1: a1f49dc613257d434cb54ad13abec51b3f9fb35d
SHA256: 1ac5ba24ca20bea659b8fa7bfb7c75a2b8c86d46ba9e84c131ddab86f6999f4e
SHA512: 152de4404688ce82a245dd7df79226eb4b2f3aef9d4acb50559169f1fcf07ce39e02493f8e6ad285c2a80a5b124745650c5f2286be254b81cfdd164f6b2e07f6
Score: 1/10

Target: xSpoofer-ReleaseNew2.0/tools/Visual C++/Visual-C-Runtimes-All-in-One-May-2023.zip
Size: 95.3MB
MD5: 0e143f6074d17a029b13809f71061f9c
SHA1: e823a0d21624643c4381b171d14861e4fc2a1dfd
SHA256: 305d700b8e6526149f31864c70529304494584ae1d2b68d271b1bfec9b351def
SHA512: 9cab9965a843b3e9fd7fe394e3c94cf2d0ca7103e8be7dd5cc1827dbfbaeb105a4567cf62ed8cc875b157f2a54c69f1b93261c4aeb9fcc366b9b54bd8845ec7e
SSDEEP: 1572864:NcF7pGAfV8om32ZiGPwPxWfIi5/tqiTqy/sn8pgNZCkz2H5fyJ83DiHHqDZpbhTT:uF7pGxl3ksxWz/tqiTFgPEK2H5fyK3Oa
Score: 1/10

Target: install_all.bat
Size: 1KB
MD5: eb55aae630088c91b88d2bfae4115ea0
SHA1: 1495c69946edca474fe30c2b713aacb9f03bbf3a
SHA256: 492ee4c16ac45a5483088583c9caa08252d3a1bb3922dbbec834d61673538f17
SHA512: 48e4a3fa644b1859131cfec782641aaee9938c88f939ca0509df0f4120b922187753ce7cd7d912d2f90108526ba34d767baa28c9eeeb25d43fff77d38ddfd882
Score: 7/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: vcredist2005_x64.exe
Size: 3.0MB
MD5: 56eaf4e1237c974f6984edc93972c123
SHA1: ee916012783024dac67fc606457377932c826f05
SHA256: 0551a61c85b718e1fa015b0c3e3f4c4eea0637055536c00e7969286b4fa663e0
SHA512: f8e15363e34db5b5445c41eea4dd80b2f682642cb8f1046f30ea4fb5f4f51b0b604f7bcb3000a35a7d3ba1d1bcc07df9b25e4533170c65640b2d137c19916736
SSDEEP: 49152:+r67+stI6RWGTAdyvlADUrpTmcOgohwJpEM5grO3oc1OXZViFeRyDErkLUMHzkRN:AM9l8pUr9m30L5grOQXZKAsErkbQRN
Score: 7/10
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

Target: vcredist2005_x86.exe
Size: 2.6MB
MD5: ce2922f83fb4b170affce0ea448b107b
SHA1: b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847
SHA256: 4ee4da0fe62d5fa1b5e80c6e6d88a4a2f8b3b140c35da51053d0d7b72a381d29
SHA512: e94b077e054bd8992374d359f3adc4d1d78d42118d878556715d77182f7d03635850b2b2f06c012ccb7c410e2b3c124cf6508473efe150d3c51a51857ce1c6b0
SSDEEP: 49152:rqGRIgg2SirwkF9xdtb43lyGKCafpKkiwnaDahmPzpY4FPyaza:rxxLFfY/KCCpKk9aWMzZyau
Score: 7/10
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

Target: vcredist2008_x64.exe
Size: 5.0MB
MD5: e2ada570911edaaae7d1b3c979345fce
SHA1: a7c83077b8a28d409e36316d2d7321fa0ccdb7e8
SHA256: b811f2c047a3e828517c234bd4aa4883e1ec591d88fad21289ae68a6915a6665
SHA512: b890d83d36f3681a690828d8926139b4f13f8d2fcd258581542cf2fb7dce5d7e7e477731c9545a54a476ed5c2aaac44ce12d2c3d9b99c2c1c04a5ab4ee20c4b8
SSDEEP: 98304:98I8/pCVmdbx2rU/xFnTBU8UeNeagEXtIgvjyGFDdo85qyKYr5NM62dNKViClWPg:9Avx2rw5Th8XeNyGtW0DJr5uDdQdWPet
Score: 7/10
- Executes dropped EXE
- Loads dropped DLL

Target: vcredist2008_x86.exe
Size: 4.3MB
MD5: 35da2bf2befd998980a495b6f4f55e60
SHA1: 470640aa4bb7db8e69196b5edb0010933569e98d
SHA256: 6b3e4c51c6c0e5f68c8a72b497445af3dbf976394cbb62aa23569065c28deeb6
SHA512: bf630667c87b8f10ef85b61f2f379d7ce24124618b999babfec8e2df424eb494b8f1bf0977580810dff5124d4dbdec9539ff53e0dc14625c076fa34dfe44e3f2
SSDEEP: 98304:vT4tlQ0aeY51XNURYxaA6qjEb9tRuPmBmWBDLTMTtbslyzRt9cuISY6Qa:vKlhE9U6476itR+mLPw6lyZY61
Score: 7/10
- Executes dropped EXE
- Loads dropped DLL

Target: vcredist2010_x64.exe
Size: 9.8MB
MD5: c9d9eebccef20d637f193490cec05e79
SHA1: 15d032d669078aa6f0f7fd1cbf4115a070bd034d
SHA256: cc7ec044218c72a9a15fca2363baed8fc51095ee3b2a7593476771f9eba3d223
SHA512: 24b56b5d9b48d75baf53a98e007ace3e7d68fbd5fa55b75ae1a2c08dd466d20b13041f80e84fdb64b825f070843f9247daba681eff16baf99a4b14ea99f5cfd6
SSDEEP: 196608:n9A3D5MBD0vwqMKgL29M2JWMWiKV/nPlnqIaAAVINqsAsbPnpCxmz7dU8:23D5MBwZMd0b4oSQ7VSrAs1gEdU8
Score: 7/10
- Executes dropped EXE
- Loads dropped DLL

Target: vcredist2010_x86.exe
Size: 8.6MB
MD5: 1801436936e64598bab5b87b37dc7f87
SHA1: 28c54491be70c38c97849c3d8cfbfdd0d3c515cb
SHA256: 67313b3d1bc86e83091e8de22981f14968f1a7fb12eb7ad467754c40cd94cc3d
SHA512: 0b8f20b0f171f49eb49367f1aafa7101e1575ef055d7007197c21ab8fe8d75a966569444449858c31bd147357d2bf5a5bd623fe6c4dbabdc7d16999b3256ab8c
SSDEEP: 196608:e9A3DAnfudQZKuNK0kMp2Wxw2tr3aA5Jegn9kaK6Hj0aaNz9ZBJ7C:t3DAnGKZKuNK0SvAn9kaK6gaaNRZbC
Score: 7/10
- Executes dropped EXE
- Loads dropped DLL

Target: vcredist2012_x64.exe
Size: 6.9MB
MD5: 3c03562b5af9ed347614053d459d7778
SHA1: 1a5d93dddbc431ab27b1da711cd3370891542797
SHA256: 681be3e5ba9fd3da02c09d7e565adfa078640ed66a0d58583efad2c1e3cc4064
SHA512: 6c2f4eeb38705c2dafc4d75d8de0036a0aed197f83e9cb261d255fe26e4391f24b0b156e9019c739dd99057041c2bb80f9ab80f56869bc1e01f0469a76f24f75
SSDEEP: 98304:vRWKtOl5CCGomEBkHUBmExJrIUg32t9RRyvo7VnOcyP24Vc35re94tb0eYbY1poo:v3tO3CCT/hBxtVtyUVnmSprzVIY7QKAk
Score: 7/10
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: vcredist2012_x86.exe
Size: 6.3MB
MD5: 7f52a19ecaf7db3c163dd164be3e592e
SHA1: 96b377a27ac5445328cbaae210fc4f0aaa750d3f
SHA256: b924ad8062eaf4e70437c8be50fa612162795ff0839479546ce907ffa8d6e386
SHA512: 60220a7c9de72796bd0d6d44e2b82dbdd9c850cc611e505b7dc0213f745ff1f160b2d826eaf62fd6e07c1a31786a71d83dc6e94389690fd59b895e85aba7444b
SSDEEP: 196608:OwKjLs+UIkzHlAv4X6zQRgiwHLD2LQIX/:9KjaxFFP1iLD2LnP
Score: 7/10
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: vcredist2013_x64.exe
Size: 6.9MB
MD5: 49b1164f8e95ec6409ea83cdb352d8da
SHA1: 1194e6bf4153fa88f20b2a70ac15bc359ada4ee2
SHA256: a4bba7701e355ae29c403431f871a537897c363e215cafe706615e270984f17c
SHA512: 29b65e45ce5233f5ad480673752529026f59a760466a1026bb92fc78d1ccc82396ecb8f07b0e49c9b2315dbef976cb417273c77f4209475036775fe687dd2d60
SSDEEP: 196608:bPwMcp4zKAKpCPhD5nsF5GBAiSG5VtJFeHi:0McAWKJsF5vib5VtTeC
Score: 7/10
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: vcredist2013_x86.exe
Size: 6.2MB
MD5: 38a1b890ce847167d16567cf7b7a5642
SHA1: 0f5d66bcaf120f2d3f340e448a268fe4bbf7709d
SHA256: 53b605d1100ab0a88b867447bbf9274b5938125024ba01f5105a9e178a3dcdbd
SHA512: 907a9aac75f4f241a85ecb94690f74f5818eea0b2241d9ef6d4bf171f17da0f4bc702e2bb90c04f194592fcc61df5c250508d16b886ed837a74b9f45da9627cd
SSDEEP: 196608:hPMlUtWUVbuVAwgg1wGiU6QCs9FbEwEhMJ:oUUUNHg1wGd6QxbEwv
Score: 7/10
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: vcredist2015_2017_2019_2022_x64.exe
Size: 24.2MB
MD5: 077f0abdc2a3881d5c6c774af821f787
SHA1: c483f66c48ba83e99c764d957729789317b09c6b
SHA256: 917c37d816488545b70affd77d6e486e4dd27e2ece63f6bbaaf486b178b2b888
SHA512: 70a888d5891efd2a48d33c22f35e9178bd113032162dc5a170e7c56f2d592e3c59a08904b9f1b54450c80f8863bda746e431b396e4c1624b91ff15dd701bd939
SSDEEP: 786432:Rip+Ty2SfUfnRLL96rFyZrimbJdCnoJpOhX+dx:Mp+Ty2SfWnFJ6rQVdKhX+dx
Score: 7/10
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: vcredist2015_2017_2019_2022_x86.exe
Size: 13.2MB
MD5: ae427c1329c3b211a6d09f8d9506eb74
SHA1: c9b5b7969e499a4fd9e580ef4187322778e1936a
SHA256: 5365a927487945ecb040e143ea770adbb296074ece4021b1d14213bde538c490
SHA512: ec70786704ead0494fab8f7a9f46554feaca45c79b831c5963ecc20243fa0f31053b6e0ceb450f86c16e67e739c4be53ad202c2397c8541365b7252904169b41
SSDEEP: 393216:yvRtlptVYmfr7yBG/41w0vJROFTfCTKw27:y1pttD7yBG/OTvJRGCN27
Score: 7/10
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: xSpoofer-ReleaseNew2.0/tools/Visual C++/วิธีติดตั้ง.txt
Size: 792B
MD5: 78915e149e25b857035f84f6de8cdc61
SHA1: e65bab0ce3d0cda461e0d2658cdb1a23f69b0d85
SHA256: fccda4aed953d3a17daf55871b8c05e49e2c31979a6476d0b62e189d33e1ac7e
SHA512: d7a3835e4602e921bb3851c10a72bd3454f1c0a3599b2876c41f1874bbd0ddfdcbe63f40fd07c29436dad8a3a50567a015bb6b9c68f783355f6651c4be513198
Score: 1/10

Target: xSpoofer-ReleaseNew2.0/tools/dxwebsetup.exe
Size: 288KB
MD5: 2cbd6ad183914a0c554f0739069e77d7
SHA1: 7bf35f2afca666078db35ca95130beb2e3782212
SHA256: 2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f
SHA512: ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10
SSDEEP: 6144:kWK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQV:VcvgLARDI1KIOzO0
Score: 7/10
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory

Target: xSpoofer-ReleaseNew2.0/tools/revosetup.exe
Size: 6.6MB
MD5: e3574fa758b4bfc212fb9020dc882935
SHA1: 2dccacd9037a88082214638440d4ccdf2a894990
SHA256: d6d51e144c72adbcf595cbba251001059980cb576f22530e45c53d9f5a0a4dfb
SHA512: d57e1f7d5247549f04cfd3cdfcd661be9d70c92a7f72d0b0c5a46ccec4ee98d93520eb4aa8a41561a03309b77ccdc7d4796940cc29eb612c521c1e3287f29ee9
SSDEEP: 196608:Hdja9oHCYgyaUqjPCsqEc83U3pl6H5DUyXq:9ja9oHCPUqjbk3pYfa
Score: 7/10
- Executes dropped EXE

Target: xSpoofer-ReleaseNew2.0/tools/xspoofer-clean.bat
Size: 563B
MD5: 5dac7208934eb5dc67e2ea51c2506528
SHA1: ccc5a26f2a0454cfbb7496faa232116446194394
SHA256: edaf0685c779d332d78cc3a836aa01808eb84aa99252a5b123055a2a4f13a6f3
SHA512: 10aa0df67f323ecb06c074ef15932195de1dddf7ed4c4a87b93024e836e99db99d46c6777690092ee756d320f9bc38164f2bbbed03f0b389f39a42ae76a420bf
Score: 1/10

Target: xSpoofer-ReleaseNew2.0/xSpoofer-new.exe
Size: 7.0MB
MD5: 6b47add2cf208a988c57c8f00461de0b
SHA1: cf9518f4bd3cf94ab7225423e4365f4a262a9c61
SHA256: b9503635ef25a584476f71aa4a010b3978ee04e8a956e810b71b05bbef32bb07
SHA512: e2f5eb2e82ab1951e0bfe0994219ed676a71ccb9804be7ebbea42d9ad9596922c16600a101caccbbfd161b98fcc2d7b3e9591afb66e1878627f6cee0918b6a35
SSDEEP: 196608:oA+bmZgkjTKD4C4+e4YcJE4AcnPmP99j+zE/k:oAEGZjTvC4EtAcPmPJ/
- Detect Xworm Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext