General
Target: XWorm-RAT-V2.1-main.zip
Size: 34.0MB
Sample: 240501-s7hl2ace85
MD5: 88dfc456336a95ffeac16d9276083b7b
SHA1: 8949c8c8778bd6412a456212d4ba2707f12e9d7a
SHA256: edbdc2e1bed353b533761a069b2d9a563683318fd1657ce09f9be2fa8ccd497a
SHA512: 988ec72613d155bc362b1c0e0f1ee731f9653947328084e96eb436e7576b8e9c5114e59488216ea4f05d48126c5dbd7e983a02a412755b59b961f15c3ceea5f5
SSDEEP: 786432:jiIKRjrYlNTspDclWQUF4DQXzTnHB35mjVjYX/BbmLqIZW:efApsGAX0Wh35mj+bY8

Behavioral task: behavioral1
Sample: XWorm-RAT-V2.1-main.zip
Resource: win11-20240419-en

Behavioral task: behavioral2
Sample: XWorm-RAT-V2.1-main/XWorm RAT V2.1/Command Reciever.exe
Resource: win11-20240426-en

Behavioral task: behavioral3
Sample: XWorm-RAT-V2.1-main/XWorm RAT V2.1/XWorm RAT V2.1.exe
Resource: win11-20240426-en

Malware Config
Extracted
xworm
127.0.0.1:7000
PTL0luTCvwKIjDBR
install_file: USB.exe

Targets

Target: XWorm-RAT-V2.1-main.zip
Detect Xworm Payload
Drops startup file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

Target: XWorm-RAT-V2.1-main/XWorm RAT V2.1/Command Reciever.exe
Size: 6.5MB
MD5: a21db5b6e09c3ec82f048fd7f1c4bb3a
SHA1: e7ffb13176d60b79d0b3f60eaea641827f30df64
SHA256: 67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5
SHA512: 7caab4f21c33ef90c1104aa7256504ee40ff0a36525b15eb3d48940862346ccf90a16eef87c06d79b0ffd920beb103ed380eae45df8c9286768890b15ed1067c
SSDEEP: 98304:KAc94bqa9niwFYWLqDuTTTTTTdfPPpWLq+Guf2W2b6F72q0:KAcC9iwFYWuDCPPpWu+GduZ2L
Score: 1/10

Target: XWorm-RAT-V2.1-main/XWorm RAT V2.1/XWorm RAT V2.1.exe
Size: 2.2MB
MD5: 835f081566e31c989b525bccb943569c
SHA1: 71d04e0a86ce9585e5b7a058beb0a43cf156a332
SHA256: ea9258e9975b8925a739066221d996aef19b4ef4f4c91524f82e39d403f25579
SHA512: 9ec58f8c586ecf78ef8d75debc5dba58544558566423a634724bb5ab192aaf64f9ccbee9a5af48124a3366b2a7d24b4db71bb5743978201b881c08bad8f6fb0c
SSDEEP: 49152:LdYJMfC7koydmRzCxWO8e89khof23mKijV6WvFw3BAz2tIm0U:qc3vdUEWFySfdw3rtIm
Score: 7/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.