General

  • Target

    XWorm V5.3.exe

  • Size

    25.0MB

  • Sample

    240410-clklhabh25

  • MD5

    c0b4c6349df031081dd6aee3f25a1c9b

  • SHA1

    82f164fdff783d2a02ae6db9e6d71d4c40a8acf7

  • SHA256

    f13c9eb085bec9239557753ab617404e60a035422194550fb56c2df96bf00670

  • SHA512

    63a18a2d0d894946d32a97f2e2112509b0ad54b4d5e4c04123c1c278f35669a909588d0d3036a054d544eedc6aa3025b8edd1560950e45749ee9f2db2277f69b

  • SSDEEP

    393216:KU25uLx3D9Pp9HlzCDjXW4ReN1RwdtKqSPg5898ELJX88BBYUK5TzRMxwMMbNJNT:KsxP3F+30MPSP9FJXxKJoMbB

Score
7/10

Targets

    • Target

      XWorm V5.3.exe

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
