General
-
Target
XWorm V5.2.rar
-
Size
32.3MB
-
Sample
240503-ph7m3sgc33
-
MD5
6672fdcad8a6ceafeba47ceb3f6ef31c
-
SHA1
276083004a8005157968630bda1c864bd71e0c8e
-
SHA256
14a4f6c9137eee4c24fe5c52dae6bc82fecb9b8e832742b5b40f734e6e842a5a
-
SHA512
fa06517933da50ee03f4e62f47bde26f6c109bb2b464fab1cd2668ead88d6ae5ab1b407b698e606ca6034f6223c813638f2245f3cf81dfd58cb5ce7a05b7130a
-
SSDEEP
786432:Ay7edM3wBHSVCp3K7YepeEJfi2Ij5kNJuaaJxyXzmz:jedM3wtSVCp7crfi3jYPnjmz
Behavioral task
behavioral1
Sample
XWorm V5.2/Plugins/HiddenApps.dll
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
XWorm V5.2/Plugins/Informations.dll
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
XWorm V5.2/Plugins/Keylogger.dll
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
XWorm V5.2/Plugins/Maps.dll
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
XWorm V5.2/Plugins/MessageBox.dll
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
XWorm V5.2/Plugins/Microphone.dll
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
XWorm V5.2/Plugins/Ngrok-Disk.dll
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
XWorm V5.2/Plugins/Options.dll
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
XWorm V5.2/Plugins/Pastime.dll
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
XWorm V5.2/Plugins/Performance.dll
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
XWorm V5.2/Plugins/ProcessManager.dll
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
XWorm V5.2/Plugins/Programs.dll
Resource
win10-20240404-en
Behavioral task
behavioral13
Sample
XWorm V5.2/Plugins/Ransomware.dll
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
XWorm V5.2/Plugins/Recovery.dll
Resource
win10-20240404-en
Behavioral task
behavioral15
Sample
XWorm V5.2/Plugins/Regedit.dll
Resource
win10-20240404-en
Behavioral task
behavioral16
Sample
XWorm V5.2/Plugins/RemoteDesktop.dll
Resource
win10-20240404-en
Behavioral task
behavioral17
Sample
XWorm V5.2/Plugins/ReverseProxy.dll
Resource
win10-20240404-en
Behavioral task
behavioral18
Sample
XWorm V5.2/Plugins/RunPE.dll
Resource
win10-20240404-en
Behavioral task
behavioral19
Sample
XWorm V5.2/Plugins/ServiceManager.dll
Resource
win10-20240404-en
Behavioral task
behavioral20
Sample
XWorm V5.2/Plugins/Shell.dll
Resource
win10-20240404-en
Behavioral task
behavioral21
Sample
XWorm V5.2/Plugins/StartupManager.dll
Resource
win10-20240404-en
Behavioral task
behavioral22
Sample
XWorm V5.2/Plugins/Stealer.dll
Resource
win10-20240404-en
Behavioral task
behavioral23
Sample
XWorm V5.2/Plugins/TCPConnections.dll
Resource
win10-20240404-en
Behavioral task
behavioral24
Sample
XWorm V5.2/Plugins/UACBypass.dll
Resource
win10-20240404-en
Behavioral task
behavioral25
Sample
XWorm V5.2/Plugins/VB.NET Compiler.dll
Resource
win10-20240404-en
Behavioral task
behavioral26
Sample
XWorm V5.2/Plugins/WSound.dll
Resource
win10-20240404-en
Behavioral task
behavioral27
Sample
XWorm V5.2/Plugins/WebCam.dll
Resource
win10-20240404-en
Behavioral task
behavioral28
Sample
XWorm V5.2/RVGLib.dll
Resource
win10-20240404-en
Behavioral task
behavioral29
Sample
XWorm V5.2/SimpleObfuscator.dll
Resource
win10-20240404-en
Behavioral task
behavioral30
Sample
XWorm V5.2/XWorm V5.2.exe
Resource
win10-20240404-en
Behavioral task
behavioral31
Sample
XWorm V5.2/XWormLoader 5.2 x32.exe
Resource
win10-20240404-en
Behavioral task
behavioral32
Sample
XWorm V5.2/XWormLoader 5.2 x64.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
XWorm V5.2/Plugins/HiddenApps.dll
-
Size
45KB
-
MD5
c5efa70a04a026b9a2fa97b1ea43e840
-
SHA1
aab2de0ab74c12e04256ff2b113b062dc93179e6
-
SHA256
f9ef7709f34e944d99ca5bef6af1524d7cf3889894084b7ae61e9202f267a728
-
SHA512
1348d4ebd3ac5b56eb32820ee14f9aee20a43b7dc3d06dd7fd62c8f227b12a27d0c0376c7d858e78315cd92d17e588bc2e37648c04d146530db706e8b3c4ff1d
-
SSDEEP
768:zy37gsdDvMZ9+rdm2KExqbMYRQpWk/x0qqBi3X/G0gpfN3ff2oA:idDvML+r/rqbMYRQpl/x5qI/dEdX2J
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Informations.dll
-
Size
22KB
-
MD5
310ba7a07953ed7f783e89bcff6197e3
-
SHA1
147aa53e0d7cb027e6c67fa50fcb0dc0c770e157
-
SHA256
b10616eb3f5e4b0ceffc696179cdb616c78ef970dedbac10845a39985c91a38a
-
SHA512
554ead0f700dd617eed6055a84ecad288c4779ab20206e7434a8f3443a03a95a501014cd52390eb57570c25ea2bd7a298b96e88e8550d10b2a5db4f9633af529
-
SSDEEP
384:24svJAz5thUNHcxxypeGQ/0n3TmyxhxJNSLSg4RjjoZ:24suz/LypeGQEjfNSQM
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Keylogger.dll
-
Size
17KB
-
MD5
40ba99b80654259d0428c7e4f3645948
-
SHA1
8fa93e0f035694cd8e420aa2232aca859b3a2a6b
-
SHA256
3361bb2309e4ee31f14081bc170ac530e2ae9d1336026e736190a0304e2e77e4
-
SHA512
fc1deb29eea114e5a472102a51d49fa253a5c79821acffa930b30089ebecec4312437d4720b46e92149be2ce69aed57dc3939621a596ed6c413397363fa44ee7
-
SSDEEP
192:uCK9HKDyS0+NKdUxEIj1aq8fgYO1Lnq4Ur1XneDN6IW1Y6Up91KNN10UbnnSL2CV:K5Oe+4dw1IDMO4U5uD8Upih0yZCV
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Maps.dll
-
Size
15KB
-
MD5
b74f037f6c6de44e817660922a3044fc
-
SHA1
eb5acc30d3f607193bd819e8c0cdaaf70295c5b4
-
SHA256
ccb32961b904a22c2531313ed7c3733d7288daab181074f034eb4c73a0958a65
-
SHA512
a547961b87ecdbc0f9bf02381f16e03795dc73eda744a86da2cc07c97d7f1b65642971347d1ca69f36ead63c3b9078b6e0f2ecb4b6f2178a3b9a62f3ffb76579
-
SSDEEP
384:/HC+Q4WPRdJElcjp8J4jtepa9BX/bS9E2:/HCbRdWle2C5x/u6
Score 1/10
-
-
Target
XWorm V5.2/Plugins/MessageBox.dll
-
Size
15KB
-
MD5
bde9c12607827e21c64e1d64033043b5
-
SHA1
d980614dda65f1f4c3a73d1f9c8162e597fcac4e
-
SHA256
2170fe155b56e362500ece32013bbf8d45d5dc93e689ab33d3612066c7450f75
-
SHA512
e015d9b915b748d1683c18621919161f9d495221c9bf788b661e3eeab60320ee0b0d9d64a393fafa47b521b484f0af2c9948f6dac0a9b7ef1e8910571e7e98eb
-
SSDEEP
192:kpDQ4tBCjRD6W2Y7gF/OF2glT/9r169G3m6IW1mX/j0rsVHvJsJtDdZKML2vW9:0QcRW2UVT/95gG3UX/j0ZyvW9
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Microphone.dll
-
Size
540KB
-
MD5
747554e4ca902a8d18b797c2edcb43ed
-
SHA1
508d7c9f0b031a352a1a1f25d4c6abf4167392d5
-
SHA256
1f135bc57ea4f44bf8a37d66b42788bed5aba753c5cbd0b4d3349ede64abfc59
-
SHA512
deb3f480dc7febb1d9ff4ccdb1dd04d83e9fbe7e74fb0dd39d103dbe85fa0c434407ab032e9bca027e38a0f482d08308513cd821b09dc08aafafd905e97126fd
-
SSDEEP
6144:yF8i30ykMPoxBemtSQvAVYm8Ou/JgtKMV6fb78+Ommg8YCQ18aFgRWAdoYCY8gQg:uP32emtLAV8OXebgreL7AwuaruedUB
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Ngrok-Disk.dll
-
Size
7.0MB
-
MD5
4443f2173682ef836df2f89e1b44296e
-
SHA1
1b0db6530eb5c5404af614143f464d663382c2e4
-
SHA256
01e170bc479dc22cec4658a39067e001a72a974a4e562aca01162f82decd20b6
-
SHA512
7bb8df753fc3636d3b01f2145c1df553b34a427a9e07d4c563a1fb2e23480ba2d609658d6ca2c4deaa386feff8af741397a3cbdb15c28157c4cf4ba8244fb61f
-
SSDEEP
196608:+CsxED7kwTV6B/nCR7+AA3e5MryK5Rj1Bpw7Vdjz8wEO+Dl:+TED7/VEqt/A3TryARj1BpwLktl
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Options.dll
-
Size
30KB
-
MD5
b0ebfc762fd2a7511e819336524551ea
-
SHA1
b3657c8edc6b9231d16b49bec11f01983d965495
-
SHA256
bf2978e31b7a1612255ff79217481374ea2ae976c2b8c270ec3eb5324251d8d7
-
SHA512
2adfff3089ac551ba057f2b4b2d208255a4558abb2761b39fd9cc10f37313386fdc1307fffb80777e0a1b6c1d1dbabf61b26cbff8592e77f982453679145822d
-
SSDEEP
768:DLxkuz7dDWH839iybgkf/sGRNW9s9dhjcI:DLNHqUPbgQsGRNW9s9
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Pastime.dll
-
Size
17KB
-
MD5
178627a4b30c54d20e5a59049b5af211
-
SHA1
5ae226eb92df19cb693764509b953bf1dbfeffcd
-
SHA256
c3ffa5aedbfe2c83e68d7b70afd1adb590801da429c3a5d4fd6da18116ab0cc9
-
SHA512
75e9684378f5155f228a75c03cb517257e7e04cddf9762e7e5b348f7b30482a9c750cb0285e28279dc9ef740c3ce759e4ebfb4e3efddd094daab7eb3bdf713c8
-
SSDEEP
384:zEoxsRLvyUi4U4R7XonhJAH+epi5zOY7//Zl3sA8/fT1:zEoKVvri4UA7YnEnwr/8A8/fh
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Performance.dll
-
Size
16KB
-
MD5
d447b98bf277020e48a04d2771b190ba
-
SHA1
a9b312d1d858e06156eecab2cd97d246a37822e8
-
SHA256
57af9bb212361e2dbfe97a784beb2f978426b42f9ea0986f74c8fbfebb630f13
-
SHA512
8c58bf90c5433005d7e3c8a871171dd5fbc558947d5ce387351fa7625ed6bf2a6b72afa91f8d3c7243c5e950467855838f27b6356266074321204347cded15a1
-
SSDEEP
384:+fCyikE3df5r1XTgOw2QxHN7yVpBKUqa:xdx5DKHClJ
Score 1/10
-
-
Target
XWorm V5.2/Plugins/ProcessManager.dll
-
Size
17KB
-
MD5
12630688eb6538b34e5a392cde76ec09
-
SHA1
add2c24ef79657f47693995b1ddb2c760520670a
-
SHA256
8dbffc8d2928cc2fe3dc67b071619419bd4e21506bf8d8b66bbdef54101953d3
-
SHA512
24da487f34fbad245f64f86b88db8c61041e80956c2befe859903ece46905ded09e90e08f2d148316947dde8a4990bd1c944ad36a96930b197769dab025689e0
-
SSDEEP
384:KdfDSm8iGh5I84ZQsCH97/Y5gLCEYptkpnrDhDK4TkAvfsxfZLnVb:KdfDV8iwmyhlYATkAv0H
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Programs.dll
-
Size
13KB
-
MD5
c730d22a23fb8ec58f51116e54ac4cc4
-
SHA1
45c4b19479d6e58736630db5405dd58450a601dc
-
SHA256
4bfe2b70271956dbcf08086ff04bc36a23928d974469ffeaca97ed5ad5b6dcfb
-
SHA512
da5d553e1e470958db4565699f0d2a58c9ab8a653b34003fd33758ed85f1a4f3c027064fcd0c24dae3ba88f7adc22f9b45ff55c22e2b29cbc0cf8f0b7293f7db
-
SSDEEP
384:WA3FIPiu78UTyGS7dnTu5lYTX/1geEedNtb:WA3Mr78UTy5BTp/1sKn
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Ransomware.dll
-
Size
20KB
-
MD5
e55dfe70871fb442f8b8eea790875a7c
-
SHA1
0f659147ad89de0dadca9d74abb0854ec64ae403
-
SHA256
b0ccb9a2bef7fd24d7f31bb70a8516129a099b47d2564f9f18cb0d87144fc5da
-
SHA512
daf5fc4a89d841a04b2b6fd8e516d7efa3baa08710af6ff85c57771d99a2ee07da4c2482baed9ecdae54e3eca2d840341ee3371a826cf26fb180dfba864e63a8
-
SSDEEP
384:XVSO27QJHvpebFn0LC9Tk7ff2ji+ZMuqI+sHY4k7ENeEDuQZh:XVm7Q1vpebF0LC9TqH2Mj74tqg
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Recovery.dll
-
Size
1.1MB
-
MD5
be590ee7d8c0366cc28c200308ba0823
-
SHA1
0fa6c6ca44893c45f115e446566f0d4dcf5168d6
-
SHA256
a81e4efc2c85a4f8fed46b9b0f3bd3c2a750a3047ae7ce5b29f21df52d85dfbb
-
SHA512
cbbb4c62d703bf8dd0e0e34b438401710c1bd62c82f71060483f4a84dfaa802a9b0d39b904d6f77cf4ef0b630f173f66f349497d53a6039c640e0f4301e26041
-
SSDEEP
12288:M2uX3iDoOeiWYcW3GFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchk:PNeiWYtc/5/jbOE8ULrFmCCo
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Regedit.dll
-
Size
15KB
-
MD5
d92b2e7472ec9cb8b803bc039558c828
-
SHA1
0ca9e950b5ef64e3cdd23a31a2b51ad2b82581de
-
SHA256
1989885e6f4f459b4ef37ab11e97ffe8c1598a8189eb3a4110f259357af2414f
-
SHA512
ef4ded6ae8349a58a0745aa55ad96530d028f8137437124b02a80b332e2801447dde2e6e908e48151ee7102868676ef435fe5ecf0ebd980f497435e58e599171
-
SSDEEP
384:1Ak743gHOThJ1ACZMDqYpmewuYvpYrQrfKr9A8/Pj9eZ:1AY4t1AyMD6zY0+A8/P8
Score 1/10
-
-
Target
XWorm V5.2/Plugins/RemoteDesktop.dll
-
Size
18KB
-
MD5
f4e00005c72b4331eb0e9243346d3e1d
-
SHA1
f8afb37fc362430b4045cd2f22e5a5cdaca43ace
-
SHA256
9bcf8dfc92bc643b9414a446da4632050de1b7577fedf4f7711d3b4b3d46e06d
-
SHA512
7e9be2c2a247a7ee067b156062098a2494113ca935c83a6c8723ee2fe3b7ae15ce5addac5630b8aaba9b12d52896127609f8d7974bb622b79d9a8dddd6c7a155
-
SSDEEP
384:174NEKdUoIdAsQh8onN4dtKSbjt9l/C6m5YxBdJbqJtjS1:1742LJ5E8oyuOJBLSjK
Score 1/10
-
-
Target
XWorm V5.2/Plugins/ReverseProxy.dll
-
Size
16KB
-
MD5
a4bd2edda7e214bc50ec559c15cf81c1
-
SHA1
1f268ba761ef9dd38d74d3eead9289a2a35d21a4
-
SHA256
9fd3621ffec11e0ad254b37ce4fe527f82461b67cc8d8827532d3573a011e2e3
-
SHA512
b3d8857b0fc31c5fafc8552e54c34b2e463f5dba2d167ecf41e5c22aca8a36ea352a4aa1baac73278c409f975e4c68ecc55e0c085280c62151e7898b59a4bbff
-
SSDEEP
384:wxhzLf8ZkYXVgUzTNnrYFXoRFlS9OPCD:wxhk+YXdfEoRFQ9OPc
Score 1/10
-
-
Target
XWorm V5.2/Plugins/RunPE.dll
-
Size
11KB
-
MD5
e8f0b68716a0bc4459601623c5c3c757
-
SHA1
261e11edb2ec5b14d8feaf80d6a8e966da1817f8
-
SHA256
0f075f2dd5a41d601329c4bff57ff38302e1da2ad149399f7f2776e640063502
-
SHA512
5539be32acecb59e43eb35ef9971b82764ed6bb5cc50b02ca0921ec30ccbb4d49a743262350ec9860bc669000e6511d3b3dcba0a37a5360f3f6ff4af2bc420bf
-
SSDEEP
192:Wbfqh94qP9XFw3l+JNGGOueq1JtSnIW1fUsezpo7SLOYN:WbChWqPj5jJtGUsezpoHYN
Score 1/10
-
-
Target
XWorm V5.2/Plugins/ServiceManager.dll
-
Size
14KB
-
MD5
539b869c8fde6159f832e9b851bab6c7
-
SHA1
1e5b134d538d9c2eef53e4ecd04b806f4990cc74
-
SHA256
79ae4fdfc5edc08cea5520fe1e8fc448991903c493a02e9fda407bc825b330e9
-
SHA512
47dc3e66b4e32cb3bc1e2583e852cad7c211defe529d2ed7fce18587b4c1515bd5b5c5720f9ba0c1d9d022ff537abf827ed483e09fe63dfcf05bee4c07434631
-
SSDEEP
384:9Q7lIxrn2dEda+RWUtTZ5nYsSh8ZYUwJjm:9QhIVn2dEdZ9+h8ZY9
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Shell.dll
-
Size
15KB
-
MD5
cb3bd9515eeccc9042757756ab7dd962
-
SHA1
c562da19fdc78c12685a0b1913bdf74067612b25
-
SHA256
e1cd982074254a8290fac19cd6d657dea80e4e70fb2742dae1137d895c3a09d8
-
SHA512
b1f5b6bea6ec21ae855c92871d396ae5139d028fd9f8e6d23706fc2abb97e3810b5b90ce70f2f399040436d5c4e47d64c5506464b26081fcfcb99dd91d1ac33f
-
SSDEEP
192:3k/C8fflArGr0J4z4sCS2IictD3ROFBLggT051i9Yd6IW1OU1buoFXR1F5cLW8:P81ArGmlS2IRtVUXT0HoYpU1bRFxx8
Score 1/10
-
-
Target
XWorm V5.2/Plugins/StartupManager.dll
-
Size
189KB
-
MD5
cc42a1c35fa6857707755c4b7eebaade
-
SHA1
ddc1db3a8571e1d5da140f3500e26bf1a03acc03
-
SHA256
28533cf4dc5b93d9ec547c2a7649958e6c3b2906ddc43175af0a94439596bee9
-
SHA512
120c1481566b2c341cb9ffc90c821b1823870b9a671913ff5db9b8802f3fd120570dfe7c9928a038f3bf8a838a63a9ea5b3819a47bdbd9827f1024d79a70cbcb
-
SSDEEP
3072:V2rExorpMoREHBAnpK37nXs83+oQvN74Syoh20K7SLgmRHHLzp+oI:VqrZv8m1gmRnfp
Score 1/10
-
-
Target
XWorm V5.2/Plugins/Stealer.dll
-
Size
3.3MB
-
MD5
6cf3156c057817473d7d2239f71d2403
-
SHA1
36f45d7a326054e231b77b6021392d35898096ec
-
SHA256
3257ac3031047fcb719a8f82bd54ce42a6d542a97dd0149da08957a0c479e7fc
-
SHA512
3828f10081ef476cce1832ae8b3f68d7efaf539903f9d4f4e6fc4ef19feb87cb2d63409d5057e5d6d4b46e229d9ca10e39917a5c1902c55a3ce01cf18d67526d
-
SSDEEP
49152:1VbwgxmbsO2B7wKOfpUL6GbriHeGAb4TkyNejj2SqE08:1VbFxmbsO2B7wKOxfSf
Score 1/10
-
-
Target
XWorm V5.2/Plugins/TCPConnections.dll
-
Size
16KB
-
MD5
fad421f5c9feb27d771e9aa9c33a8d16
-
SHA1
f1807d942d08918180f4b8b3ab4d12be167e5634
-
SHA256
44eba556913d0d5ef327e19e98b8ba0e9d37fe720c9defa48124582726bbd234
-
SHA512
f3aa58cfac5db09912aedf2f6a63f7d9feb4b86c2fe0cece9851f7e618571019068e086c328ed5eb83124207818a2d0963139e852136c7a1e66d923870e8dd40
-
SSDEEP
192:LKo8pevV3pE6vGvyj2T/Qfpp/dv/f2OtyEox0GTeA19Z/J6IW1Gz/thYCKKIxLWz:38pevfvGvmxhD2wyzTeej/Zz/pNLv
Score 1/10
-
-
Target
XWorm V5.2/Plugins/UACBypass.dll
-
Size
10KB
-
MD5
2bb895a2756541eea6da91beb2fde3e9
-
SHA1
da43a05730311acb92c0b2dab8542672394531cb
-
SHA256
145e3437ffc5c875d16d3a14921c81b58f84d86123ae9ec23c3dd69a00c94377
-
SHA512
cc80cf2a52fbb9563aa980df9ccf922ed303b286844e138b95cbb2b0417a3ae26f03dd0a578bdefed223ff77e97c4b2b00da363691e26ff7eed228e35194f91f
-
SSDEEP
192:Vcq0WYKDFxDviOGOko8bZfmgyOYkIW1UZ/Xvjljw2sZgiSL20V:VntNFxOrE8bLyOYBZ/XTsZgU0V
Score 1/10
-
-
Target
XWorm V5.2/Plugins/VB.NET Compiler.dll
-
Size
15KB
-
MD5
e5799a4f4549c6cbde983435ac8f26ff
-
SHA1
0c1632f4e492a1aefda27681e4a0abda60e47521
-
SHA256
8eb7c894f300b125022b468b9ee2cd1333b6658ecfb73c9af82de847a648b54e
-
SHA512
2ffb7bd4e30fdcd823d62532fa311d1aaea181a8af4984b811f75767ea8d1419ec6738b6b45a03f76a720a8402cc762f6b48e5ad862fbd17af0254c8a0a9be2f
-
SSDEEP
192:4/kjd8kwyGQ0ODx80RqKkI2a255TCOCeJyxlTer1c9gotlF6IW1oXxvKBecGSLWO:Ld8kaOD1RGmOCfeyTe5agIXxvbcYO
Score 1/10
-
-
Target
XWorm V5.2/Plugins/WSound.dll
-
Size
539KB
-
MD5
4bea05a0f2dd1209ae0142ab85ec376d
-
SHA1
44c417d41cc57e74ee30753e6583b061a00cbd3e
-
SHA256
f6b78afdc14a3c9cc6a54a54b8bef95631e59b47a712ffe2bc416f5f223d329b
-
SHA512
8ff1a47dd8dad4f8a1c1a1fe17623e47d7c90d57684bbbb22d2ebd456002ee5e6b549978750f7940f5b787da20079930b9980ea36e490804f79729265f7e18b1
-
SSDEEP
12288:88AUWhPjkySWFTF75Z/u9dhCkx6bgyn6skW58IIJg9Zmriceu5:7s5FTF76Crbgy6skW584Zmr0u
Score 1/10
-
-
Target
XWorm V5.2/Plugins/WebCam.dll
-
Size
209KB
-
MD5
0f120604ef985616821459e5ff2feccd
-
SHA1
100bceb7d6c01b574b7089e999bc05ab3fc0847d
-
SHA256
a07f0452fc4b47b53ec48d6c790aa4407aee15ec67320c506ba674a1dae551ef
-
SHA512
d4127d42d61a93e5e02d2e68ca21c91c5ad47e4149e0eecc9902f1daf69a9f52499c16e42bb51993289f5afb7f6f73b76a0d7c4631e8a998aa6c731053385806
-
SSDEEP
3072:NPjWR/jKGR5BfF/g50PBgakLA3LC2FY+EdzYZHAx+dqRN51hdJFxtZV9l5hhJxZM:N7+22fFcgBgakL320zYZHpMXM/yW
Score 1/10
-
-
Target
XWorm V5.2/RVGLib.dll
-
Size
241KB
-
MD5
d34c13128c6c7c93af2000a45196df81
-
SHA1
664c821c9d2ed234aea31d8b4f17d987e4b386f1
-
SHA256
aaf9fb0158bd40ab562a4212c2a795cb40ef6864042dc12f3a2415f2446ba1c7
-
SHA512
91f4e0e795f359b03595b01cbf29188a2a0b52ab9d64eadd8fb8b3508e417b8c7a70be439940975bf5bdf26493ea161aa45025beb83bc95076ed269e82d39689
-
SSDEEP
6144:4vJ05NPsvienBaRWxomAElbgu6Cqe2ZBePW9J:4u6iABa+iu32ne
Score 1/10
-
-
Target
XWorm V5.2/SimpleObfuscator.dll
-
Size
1.4MB
-
MD5
9043d712208178c33ba8e942834ce457
-
SHA1
e0fa5c730bf127a33348f5d2a5673260ae3719d1
-
SHA256
b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c
-
SHA512
dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65
-
SSDEEP
24576:FDy7cKOfkiRrXP5WtJvW1mpjSWr7uoZme1V86:+8/AtJes1LJ
Score 1/10
-
-
Target
XWorm V5.2/XWorm V5.2.exe
-
Size
12.2MB
-
MD5
8b7b015c1ea809f5c6ade7269bdc5610
-
SHA1
c67d5d83ca18731d17f79529cfdb3d3dcad36b96
-
SHA256
7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
-
SHA512
e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180
-
SSDEEP
196608:pcWPW6SJ5POYAa23tuQUj7prczC9YNu+/ChWbPP91SDwDrZhd:pce0JtOSSLU3prczy0uqkaIkDtn
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
-
-
Target
XWorm V5.2/XWormLoader 5.2 x32.exe
-
Size
109KB
-
MD5
f3b2ec58b71ba6793adcc2729e2140b1
-
SHA1
d9e93a33ac617afe326421df4f05882a61e0a4f2
-
SHA256
2d74eb709aea89a181cf8dfcc7e551978889f0d875401a2f1140487407bf18ae
-
SHA512
473edcaba9cb8044e28e30fc502a08a648359b3ed0deba85e559fe76b484fc8db0fc2375f746851623e30be33da035cec1d6038e1fcf4842a2afb6f9cd397495
-
SSDEEP
1536:5vjAnXqn2nY7WfRMgPQQrMoqmyVttdGFQeOPigx:5LCan2nY7sdQQAoqmyBeu
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
XWorm V5.2/XWormLoader 5.2 x64.exe
-
Size
109KB
-
MD5
e6a20535b636d6402164a8e2d871ef6d
-
SHA1
981cb1fd9361ca58f8985104e00132d1836a8736
-
SHA256
b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
-
SHA512
35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30
-
SSDEEP
1536:TYogSlNwXosKwOYtV1AS9m3xQyVGNNiLkWNF7XxFqmyVttdGFQeOPigx:TvgSlqGS9m3xQyKNbWNV3qmyBeu
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-