Overview

overview

10

Static

static

10

XWorm-RAT-...ox.dll

windows7-x64

1

XWorm-RAT-...ox.dll

windows10-2004-x64

1

XWorm-RAT-...er.bat

windows7-x64

5

XWorm-RAT-...er.bat

windows10-2004-x64

5

XWorm-RAT-...re.dll

windows7-x64

1

XWorm-RAT-...re.dll

windows10-2004-x64

1

XWorm-RAT-...ms.dll

windows7-x64

1

XWorm-RAT-...ms.dll

windows10-2004-x64

1

XWorm-RAT-...I2.dll

windows7-x64

1

XWorm-RAT-...I2.dll

windows10-2004-x64

1

XWorm-RAT-...64.dll

windows7-x64

1

XWorm-RAT-...64.dll

windows10-2004-x64

1

XWorm-RAT-...tm.dll

windows7-x64

3

XWorm-RAT-...tm.dll

windows10-2004-x64

3

XWorm-RAT-...or.dll

windows7-x64

1

XWorm-RAT-...or.dll

windows10-2004-x64

1

XWorm-RAT-...DP.dll

windows7-x64

1

XWorm-RAT-...DP.dll

windows10-2004-x64

1

XWorm-RAT-...NC.dll

windows7-x64

1

XWorm-RAT-...NC.dll

windows10-2004-x64

1

XWorm-RAT-...ry.dll

windows7-x64

1

XWorm-RAT-...ry.dll

windows10-2004-x64

1

XWorm-RAT-...ps.dll

windows7-x64

1

XWorm-RAT-...ps.dll

windows10-2004-x64

1

XWorm-RAT-...ns.dll

windows7-x64

1

XWorm-RAT-...ns.dll

windows10-2004-x64

1

XWorm-RAT-...er.dll

windows7-x64

1

XWorm-RAT-...er.dll

windows10-2004-x64

1

XWorm-RAT-...ps.dll

windows7-x64

1

XWorm-RAT-...ps.dll

windows10-2004-x64

1

XWorm-RAT-...ox.dll

windows7-x64

1

XWorm-RAT-...ox.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XWorm-RAT-V5.6-Free-main.zip

  • Size

    25.9MB

  • Sample

    240830-m1fwza1hqk

  • MD5

    b117af25c2391f004907e9be859b187f

  • SHA1

    18cb3998f81b31ab47f7529fc5a7c3fa8416d785

  • SHA256

    97166c6242b11aa3ea4cad66ff62fe23b37633442ff2f1772f3c6631c40cd84b

  • SHA512

    7ac7d7663a1e1ea42853f0abb81d3201a1e8273f5a566f1e9f4b0f7f6518689bb38a097450ce4aa4cad7461bf804d4dc95860ca41549b08d0f7139af71912881

  • SSDEEP

    786432:LyNjLDNnx2+4NY0bphQ7DH8RV9K2Lufq+lzV5ytifYWHNrs:sLDNnxV4i0bph6u+S+lBO

Score
10/10
agentteslastormkittydiscovery

Malware Config

Targets

    • Target

      XWorm-RAT-V5.6-Free-main/FastColoredTextBox.dll

    • Size

      333KB

    • MD5

      b746707265772b362c0ba18d8d630061

    • SHA1

      4b185e5f68c00bef441adb737d0955646d4e569a

    • SHA256

      3701b19ccdac79b880b197756a972027e2ac609ebed36753bd989367ea4ef519

    • SHA512

      fd67f6c55940509e8060da53693cb5fbac574eb1e79d5bd8f9bbd43edbd05f68d5f73994798a0eed676d3e583e1c6cde608b54c03604b3818520fa18ad19aec8

    • SSDEEP

      6144:4FErOIif3RzSHh+20lXs1TzCeBcQeDbNlz7:eEeR52bmeh0n

    Score
    1/10
    behavioral1behavioral2

    • Target

      XWorm-RAT-V5.6-Free-main/Fixer.bat

    • Size

      116B

    • MD5

      436b794a3a1b1175592bb9926cacbd51

    • SHA1

      07826990519db023bd07d0e65382dac695e6a3be

    • SHA256

      f6b5c26697b2f8a67f5623ce155453800e37cecafe16aeea8ccb746012add8be

    • SHA512

      d8a55a658a80ceb0bb143c63a23550cd365ed08100804ef727b52939db7c8a93e3ef68869eaf9eb52f9e9a1ae66ca6cfef4092c5a33ea2655baa13ee071b5d7f

    Score
    5/10

    • Drops file in System32 directory

    behavioral3behavioral4

    • Target

      XWorm-RAT-V5.6-Free-main/GMap.NET.Core.dll

    • Size

      2.9MB

    • MD5

      819352ea9e832d24fc4cebb2757a462b

    • SHA1

      aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

    • SHA256

      58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

    • SHA512

      6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

    • SSDEEP

      49152:ot12Gb/hz7ZsK9qY5uyUW57VC4IB1+fXhQ1hyCzMw/22fSg7gjxhUE/nbTC0xemh:oLbteKb57W1+PhQ1HM1gmJ/SZmh

    Score
    1/10
    behavioral5behavioral6

    • Target

      XWorm-RAT-V5.6-Free-main/GMap.NET.WindowsForms.dll

    • Size

      147KB

    • MD5

      32a8742009ffdfd68b46fe8fd4794386

    • SHA1

      de18190d77ae094b03d357abfa4a465058cd54e3

    • SHA256

      741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

    • SHA512

      22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

    • SSDEEP

      3072:k1GmgYqIY/0YSDBRGlDUqL63budipxj64m8HWYh3vHbFwMhLJSb+:lIO6rGloqL63qW62lJ

    Score
    1/10
    behavioral7behavioral8

    • Target

      XWorm-RAT-V5.6-Free-main/Guna.UI2.dll

    • Size

      1.9MB

    • MD5

      bcc0fe2b28edd2da651388f84599059b

    • SHA1

      44d7756708aafa08730ca9dbdc01091790940a4f

    • SHA256

      c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

    • SHA512

      3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

    • SSDEEP

      24576:FIVZLRYIVQd9INo3FDbWX7SsOobBTEAjg+m+ZFNwaxwGoHQ/jzK+:+oWodbi9XFEAjg+m+ZFKaxw

    Score
    1/10
    behavioral10behavioral9

    • Target

      XWorm-RAT-V5.6-Free-main/HVMRun64.dll

    • Size

      3.8MB

    • MD5

      1e3c5c89aa1686a3cec178b5d2d8c078

    • SHA1

      bc0ac155dcc27c2aa78c1476001f68522bbdddd8

    • SHA256

      941ce28080de69204e5a92b3d859fdfcd968a02bb4c47f979f9b4b3b5ec1e943

    • SHA512

      664c56e307ac4d49c6f409b59097363147e189735e26ce5a07ddb7b5f2709db1998d33d695492ad45d5566c1219dc61049016c526f1c81df5eb0e5c758d49a21

    • SSDEEP

      49152:GDrzX7Dn/6QCoUH33CFi6u2DQOOJIxrtJRQqZHbUB69+2mmhLTjVn4UUeHz4lgCr:2rmQzi3CFigOErlZQB6Bv94UGlgLuf

    Score
    1/10
    behavioral11behavioral12

    • Target

      XWorm-RAT-V5.6-Free-main/HVMRuntm.dll

    • Size

      1.9MB

    • MD5

      655f40e1ef342c5ab91373077b747a43

    • SHA1

      a9f2c0de4e00c9ac429b5cbf8dfaa7d077e7cbc3

    • SHA256

      9deb651c2f89b33246bccdbf359763b70196e44c70a47159882fb95d8180364d

    • SHA512

      f6198bf7cff3dd93a886d446a126bc4c46c320706e7e99f5cf91442f0186f2a6a54505e90a882d72f4e6dda8f375d89f0b1a8456565a478d699eee116a500f06

    • SSDEEP

      49152:hrI5EFHRTeHhhqKkkEKnT+8MRTqfe04fQfEYPkOs4:xFgBNn68MRE4fXlJ4

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      XWorm-RAT-V5.6-Free-main/IconExtractor.dll

    • Size

      10KB

    • MD5

      640d8ffa779c6dd5252a262e440c66c0

    • SHA1

      3252d8a70a18d5d4e0cc84791d587dd12a394c2a

    • SHA256

      440912d85d2f98bb4f508ab82847067c18e1e15be0d8ecdcff0cc19327527fc2

    • SHA512

      e12084f87bd46010aded22be30e902c5269a6f6bc88286d3bef17c71d070b17beada0fe9e691a2b2f76202b5f9265329f6444575f89aff8551c486eafe4d5f32

    • SSDEEP

      192:7f77J4cGYyfQknxLvIgyLY5xJeU5pPpZlEAs:HS2yINgyLYLJR5wl

    Score
    1/10
    behavioral15behavioral16

    • Target

      XWorm-RAT-V5.6-Free-main/Plugins/HRDP.dll

    • Size

      1.7MB

    • MD5

      f27b6e8cf5afa8771c679b7a79e11a08

    • SHA1

      6c3fcf45e35aaf6b747f29a06108093c284100da

    • SHA256

      4aa18745a5fddf7ec14adaff3ad1b4df1b910f4b6710bf55eb27fb3942bb67de

    • SHA512

      0d84966bbc9290b04d2148082563675ec023906d58f5ba6861c20542271bf11be196d6ab24e48372f339438204bd5c198297da98a19fddb25a3df727b5aafa33

    • SSDEEP

      24576:3rKxoVT2iXc+IZ++6WiaTAsN/3ebTvK+63CWH8iA/iD2hgPjcC8SVdKumYr7:WHZ5pdqYH8ia6GcKuR7

    Score
    1/10
    behavioral17behavioral18

    • Target

      XWorm-RAT-V5.6-Free-main/Plugins/HVNC.dll

    • Size

      58KB

    • MD5

      30eb33588670191b4e74a0a05eecf191

    • SHA1

      08760620ef080bb75c253ba80e97322c187a6b9f

    • SHA256

      3a287acb1c89692f2c18596dd4405089ac998bb9cf44dd225e5211923d421e96

    • SHA512

      820cca77096ff2eea8e459a848f7127dc46af2e5f42f43b2b7375be6f4778c1b0e34e4aa5a97f7fbabe0b53dcd351d09c231bb9afedf7bcec60d949918a06b97

    • SSDEEP

      768:XsKVHERYe3lgPPTxOEUyP82P6mUrYrthCO7h2ORS9SQdHfiLpmbG8p:8K1ERYe0TEE3P82P1EMS36Kp

    Score
    1/10
    behavioral19behavioral20

    • Target

      XWorm-RAT-V5.6-Free-main/Plugins/HVNCMemory.dll

    • Size

      39KB

    • MD5

      065f0830d1e36f8f44702b0f567082e8

    • SHA1

      724c33558fcc8ecd86ee56335e8f6eb5bfeac0db

    • SHA256

      285b462e3cd4a5b207315ad33ee6965a8b98ca58abb8d16882e4bc2d758ff1a4

    • SHA512

      bac0148e1b78a8fde242697bff1bbe10a18ffab85fdced062de3dc5017cd77f0d54d8096e273523b8a3910fe17fac111724acffa5bec30e4d81b7b3bd312d545

    • SSDEEP

      768:EofXMCBlQ6Kms0n6GE30IU1YKtq9oQog1zq/xPP7:EyXTa6hEZU1YKwo8Uj

    Score
    1/10
    behavioral21behavioral22

    • Target

      XWorm-RAT-V5.6-Free-main/Plugins/HiddenApps.dll

    • Size

      45KB

    • MD5

      ba2141a7aefa1a80e2091bf7c2ca72db

    • SHA1

      9047b546ce9c0ea2c36d24a10eb31516a24a047d

    • SHA256

      6a098f5a7f9328b35d73ee232846b13e2d587d47f473cbc9b3f1d74def7086ea

    • SHA512

      91e43620e5717b699e34e658d6af49bba200dcf91ac0c9a0f237ec44666b57117a13bc8674895b7a9cac5a17b2f91cdc3daa5bcc52c43edbabd19bc1ed63038c

    • SSDEEP

      768:aEN0W4dmvWt9VG2LqIvwYGYRpXpWk/x0qqBi3qMG0gpfN3ffiCIT:SdmvWHVGMVwtYRtpl/x5qIXdEdXiCK

    Score
    1/10
    behavioral23behavioral24

    • Target

      XWorm-RAT-V5.6-Free-main/Plugins/Informations.dll

    • Size

      22KB

    • MD5

      67a884eeb9bd025a1ef69c8964b6d86f

    • SHA1

      97e00d3687703b1d7cc0939e45f8232016d009d9

    • SHA256

      cba453460be46cfa705817abbe181f9bf65dca6b6cea1ad31629aa08dbeaf72b

    • SHA512

      52e852021a1639868e61d2bd1e8f14b9c410c16bfca584bf70ae9e71da78829c1cada87d481e55386eec25646f84bb9f3baee3b5009d56bcbb3be4e06ffa0ae7

    • SSDEEP

      384:SCUEeL4D574MvGjydqXwxDJop0n3TmyxhxJNgSg4PbOFsK:SCXeL4DSjydqXwx1FjfNfwr

    Score
    1/10
    behavioral25behavioral26

    • Target

      XWorm-RAT-V5.6-Free-main/Plugins/Keylogger.dll

    • Size

      17KB

    • MD5

      246f7916c4f21e98f22cb86587acb334

    • SHA1

      b898523ed4db6612c79aad49fbd74f71ecdbd461

    • SHA256

      acfe5c3aa2a3bae3437ead42e90044d7eee972ead25c1f7486bea4a23c201d3a

    • SHA512

      1c256ca9b9857e6d393461b55e53175b7b0d88d8f3566fd457f2b3a4f241cb91c9207d54d8b0867ea0abd3577d127835beb13157c3e5df5c2b2b34b3339bd15d

    • SSDEEP

      192:rJV/HNfwK5RSpyv3RIw9RtO1Lnq4Ur1XneDN6IW1Y6Uph1KzaA0UbnnSLWqV:fFl5Rp3RntMO4U5uD8Upml0yhqV

    Score
    1/10
    behavioral27behavioral28

    • Target

      XWorm-RAT-V5.6-Free-main/Plugins/Maps.dll

    • Size

      15KB

    • MD5

      806c3802bfd7a97db07c99a5c2918198

    • SHA1

      088393a9d96f0491e3e1cf6589f612aa5e1df5f8

    • SHA256

      34b532a4d0560e26b0d5b81407befdc2424aacc9ef56e8b13de8ad0f4b3f1ab6

    • SHA512

      ed164822297accd3717b4d8e3927f0c736c060bb7ec5d99d842498b63f74d0400c396575e9fa664ad36ae8d4285cfd91e225423a0c77a612912d66ea9f63356c

    • SSDEEP

      192:E0XOBqmqKYNg/ymxa07XW5U6chariK8GtnNK7gGteb1/C9T6IW14X/bmjIAd2vLV:mBqmqunYL6thaujK4jtepa9BX/bY1h2

    Score
    1/10
    behavioral29behavioral30

    • Target

      XWorm-RAT-V5.6-Free-main/Plugins/MessageBox.dll

    • Size

      14KB

    • MD5

      7db8b7e15194fa60ffed768b6cf948c2

    • SHA1

      3de1b56cc550411c58cd1ad7ba845f3269559b5c

    • SHA256

      bc09b671894c9a36f4eca45dd6fbf958a967acea9e85b66c38a319387b90dd29

    • SHA512

      e7f5430b0d46f133dc9616f9eeae8fb42f07a8a4a18b927dd7497de29451086629dfc5e63c0b2a60a4603d8421c6570967c5dbde498bb480aef353b3ed8e18a1

    • SSDEEP

      384:56lIcAn3tURnUKCvUUVT/95gG3UX/NZSQW9:56lIL3tUSvbVa/NZG

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

agentteslastormkitty
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
5/10

behavioral4

Score
5/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10