General
-
Target
XWorm.exe
-
Size
456KB
-
Sample
240420-zx85kaae3w
-
MD5
515a0c8be21a5ba836e5687fc2d73333
-
SHA1
c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
-
SHA256
9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
-
SHA512
4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
-
SSDEEP
6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Static task
static1
Behavioral task
behavioral1
Sample
XWorm.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
XWorm.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
XWorm.exe
-
Size
456KB
-
MD5
515a0c8be21a5ba836e5687fc2d73333
-
SHA1
c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
-
SHA256
9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
-
SHA512
4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
-
SSDEEP
6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Score10/10-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-