Overview | overview | 10
Static | static | 10
Xworm-V5.6...ox.dll | windows10-2004-x64 | 1
Xworm-V5.6/Fixer.bat | windows10-2004-x64 | 1
Xworm-V5.6...re.dll | windows10-2004-x64 | 1
Xworm-V5.6...ms.dll | windows10-2004-x64 | 1
Xworm-V5.6...I2.dll | windows10-2004-x64 | 1
Xworm-V5.6...or.dll | windows10-2004-x64 | 1
Xworm-V5.6...ns.dll | windows10-2004-x64 | 1
Xworm-V5.6...er.dll | windows10-2004-x64 | 1
Xworm-V5.6...ps.dll | windows10-2004-x64 | 1
Xworm-V5.6...ox.dll | windows10-2004-x64 | 1
Xworm-V5.6...ne.dll | windows10-2004-x64 | 1
Xworm-V5.6...er.dll | windows10-2004-x64 | 1
Xworm-V5.6...ns.dll | windows10-2004-x64 | 1
Xworm-V5.6...me.dll | windows10-2004-x64 | 1
Xworm-V5.6...ce.dll | windows10-2004-x64 | 1
Xworm-V5.6...es.vbs | windows10-2004-x64 | 1
Xworm-V5.6...or.dll | windows10-2004-x64 | 1
Xworm-V5.6....6.exe | windows10-2004-x64 | 10
Analysis
max time kernel: 142s
max time network: 281s
platform: windows10-2004_x64
resource: win10v2004-20240709-uk
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-uk, locale:uk-ua, os:windows10-2004-x64, system, windows
submitted: 21-07-2024 17:11
Behavioral task | Sample | Resource
behavioral1 | Xworm-V5.6/FastColoredTextBox.dll | win10v2004-20240709-uk
behavioral2 | Xworm-V5.6/Fixer.bat | win10v2004-20240704-uk
behavioral3 | Xworm-V5.6/GMap.NET.Core.dll | win10v2004-20240709-uk
behavioral4 | Xworm-V5.6/GMap.NET.WindowsForms.dll | win10v2004-20240709-uk
behavioral5 | Xworm-V5.6/Guna.UI2.dll | win10v2004-20240709-uk
behavioral6 | Xworm-V5.6/IconExtractor.dll | win10v2004-20240709-uk
behavioral7 | Xworm-V5.6/Plugins/Informations.dll | win10v2004-20240709-uk
behavioral8 | Xworm-V5.6/Plugins/Keylogger.dll | win10v2004-20240709-uk
behavioral9 | Xworm-V5.6/Plugins/Maps.dll | win10v2004-20240709-uk
behavioral10 | Xworm-V5.6/Plugins/MessageBox.dll | win10v2004-20240709-uk
behavioral11 | Xworm-V5.6/Plugins/Microphone.dll | win10v2004-20240709-uk
behavioral12 | Xworm-V5.6/Plugins/Ngrok-Installer.dll | win10v2004-20240709-uk
behavioral13 | Xworm-V5.6/Plugins/Options.dll | win10v2004-20240704-uk
behavioral14 | Xworm-V5.6/Plugins/Pastime.dll | win10v2004-20240709-uk
behavioral15 | Xworm-V5.6/Plugins/Performance.dll | win10v2004-20240709-uk
behavioral16 | Xworm-V5.6/RES/XWorm.Resources.vbs | win10v2004-20240709-uk
behavioral17 | Xworm-V5.6/SimpleObfuscator.dll | win10v2004-20240709-uk
behavioral18 | Xworm-V5.6/Xworm 5.6.exe | win10v2004-20240704-uk
General
Target: Xworm-V5.6/RES/XWorm.Resources.vbs
Size: 1.6MB
MD5: 34986e38b463873af40f694874c1f6d3
SHA1: 8fa89cdb7a394cf8093d548ca9db4652c703ee72
SHA256: 557058bd29a5eb55ef073ea9c4dec0baea1fd3f3f4bf2cdd5ee3dfd33735e93a
SHA512: c1b0278e8c21e5c28204f692a5cf5ed16c8ada0c6022d7d38e70905255f3aeb5d2c0fd4549f0ed19ead52aa0ced891a8f9372123bf5e1710be004958750874e4
SSDEEP: 49152:OsP2WTJcLsk9Pk6gAK6BN2NQUe+ErnuVqjNhHXH:zuWTGLP9Pk6gAK6n4ldyNh3
Malware Config
Signatures
Processes
Network