Overview

overview

10

Static

static

10

XWorm-RAT-...ox.dll

windows7-x64

1

XWorm-RAT-...ox.dll

windows10-2004-x64

1

XWorm-RAT-...er.bat

windows7-x64

5

XWorm-RAT-...er.bat

windows10-2004-x64

5

XWorm-RAT-...re.dll

windows7-x64

1

XWorm-RAT-...re.dll

windows10-2004-x64

1

XWorm-RAT-...ms.dll

windows7-x64

1

XWorm-RAT-...ms.dll

windows10-2004-x64

1

XWorm-RAT-...I2.dll

windows7-x64

1

XWorm-RAT-...I2.dll

windows10-2004-x64

1

XWorm-RAT-...64.dll

windows7-x64

1

XWorm-RAT-...64.dll

windows10-2004-x64

1

XWorm-RAT-...tm.dll

windows7-x64

3

XWorm-RAT-...tm.dll

windows10-2004-x64

3

XWorm-RAT-...or.dll

windows7-x64

1

XWorm-RAT-...or.dll

windows10-2004-x64

1

XWorm-RAT-...DP.dll

windows7-x64

1

XWorm-RAT-...DP.dll

windows10-2004-x64

1

XWorm-RAT-...NC.dll

windows7-x64

1

XWorm-RAT-...NC.dll

windows10-2004-x64

1

XWorm-RAT-...ry.dll

windows7-x64

1

XWorm-RAT-...ry.dll

windows10-2004-x64

1

XWorm-RAT-...ps.dll

windows7-x64

1

XWorm-RAT-...ps.dll

windows10-2004-x64

1

XWorm-RAT-...ns.dll

windows7-x64

1

XWorm-RAT-...ns.dll

windows10-2004-x64

1

XWorm-RAT-...er.dll

windows7-x64

1

XWorm-RAT-...er.dll

windows10-2004-x64

1

XWorm-RAT-...ps.dll

windows7-x64

1

XWorm-RAT-...ps.dll

windows10-2004-x64

1

XWorm-RAT-...ox.dll

windows7-x64

1

XWorm-RAT-...ox.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    30-08-2024 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm-RAT-V5.6-Free-main/Fixer.bat

  • Size

    116B

  • MD5

    436b794a3a1b1175592bb9926cacbd51

  • SHA1

    07826990519db023bd07d0e65382dac695e6a3be

  • SHA256

    f6b5c26697b2f8a67f5623ce155453800e37cecafe16aeea8ccb746012add8be

  • SHA512

    d8a55a658a80ceb0bb143c63a23550cd365ed08100804ef727b52939db7c8a93e3ef68869eaf9eb52f9e9a1ae66ca6cfef4092c5a33ea2655baa13ee071b5d7f

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 12 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V5.6-Free-main\Fixer.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\system32\lodctr.exe
      lodctr /r
      2⤵
      • Drops file in System32 directory
      PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\perfc007.dat
    Filesize

    37KB

    MD5

    123ae03ae3801d7cf2e7c25a4f36e20f

    SHA1

    4cfb548aab839cbf904d815f3a93c1d781bd45c3

    SHA256

    966e5204cf91ca573243213c1c8424616d71ce18b77247739b88380df064e82d

    SHA512

    bbbd9659c7785898dcdaa87c68d711e45382e3984d074fb4cc6327a7cfdf4456ed2ef40e921b68faefc1580d20741197cde19c8f33a84583a5eda919964d3ce9

    Download Submit

  • C:\Windows\System32\perfc00A.dat
    Filesize

    44KB

    MD5

    f850f1b81065dd11cbda57dbd8bcb335

    SHA1

    07438c632a9245db13b21c5066e3009669eb0a44

    SHA256

    0bc8428d47a8905ff63238708d614a4b82233d8efe86b28457c3e4e1bb1dfcb8

    SHA512

    41ecef9a6d2a3932079807819802dadd608f0837675fa2de62c3347e179f4ea789743f796ca3a2d08fae9c9a498dcf68a23d12b9a45d0d38f32699b7d059e3cf

    Download Submit

  • C:\Windows\System32\perfc00C.dat
    Filesize

    41KB

    MD5

    87c5b5311b8fcb97d2a4c1c4361e7932

    SHA1

    8cc7fb83de34733179c0affed2b379c63a3fcf2b

    SHA256

    ed97f8215c5bd4960c9c8c1b5ecffaa4f4eb914ea105e1b0c8b0157e64d286fb

    SHA512

    25ae1d06a6e29a8f3cd7b371df5e0ef20200083d9c2b4abf8765d56a97658b10448df7dbced88f87fb9ce4f661c00f0ec5e3bf5ff7f8d88ae6968ec8f00f6875

    Download Submit

  • C:\Windows\System32\perfc010.dat
    Filesize

    36KB

    MD5

    44869cf36f828490c320281ae16d6533

    SHA1

    6426b1a7a38353bc4241669ac0c576749254bb41

    SHA256

    a8328447eb5b4bc9266ae43cd892ce9726138a0c56abb611f52fb01f7ee439d9

    SHA512

    da945df94e4dd1f0095669bcd25f393babccb85ddd84035186ad09bb85e684c6173e8b668c441e51109df5a9b1047a79c18249ed169a04df234d5cbd88ca84ec

    Download Submit

  • C:\Windows\System32\perfc011.dat
    Filesize

    30KB

    MD5

    7aaa3e23ce4c7845b112f7a79b110e60

    SHA1

    5269028c98ffa222f0cde48034d5f74c74dee4ad

    SHA256

    8c850029e558eb1a22429b21a637516cf5d90ca08ff872b19cf7fb03b33af2f5

    SHA512

    e8ea6087b5bf3d54469d9e09bb10d47c06ce4ab0dbda9a7fba8ed348b69c8aa717b9389f82f16768141a417a5abd78e41afd7a5c63e4ada0c458724b37a197eb

    Download Submit

  • C:\Windows\System32\perfh007.dat
    Filesize

    297KB

    MD5

    f152592e96f7ea4af1d4310d71d879b8

    SHA1

    cdbb8a27c9a3032efb671e559d16e0c094f9a069

    SHA256

    9e3719964abd3d432b86e30c03c413ca6b4445d694a972fcbb4d8cf70f3ab45a

    SHA512

    6a382130f91668af9ae75f0a9a7fdb5a0b829f2b884bc44c9cd6571f70d31f12e75e12ee1cb8f3fa35a51664ebfe56d417cc7fe2348e0750ea8393dc1a02a285

    Download Submit

  • C:\Windows\System32\perfh009.dat
    Filesize

    291KB

    MD5

    acddaab80c49fdf44e766611c5aef1f6

    SHA1

    5414b18fcc1c6964c76f1e63d4074892e1595934

    SHA256

    75424ee1e458b33203f014e4e80959706eef363a60bc5ec3f96e9e67a9ff12ac

    SHA512

    0c95efac0c6ce1739da4f35831d50dca6f51ca5de0f85de94425e4571c574404c833fe506a3acca036a8e18c5f80f456b1d600171fce07326a02e983f7fc29b7

    Download Submit

  • C:\Windows\System32\perfh00A.dat
    Filesize

    342KB

    MD5

    fcf985c23d897c2021354b576bc055fc

    SHA1

    59e0489e6bc22cd4ac107bd17e1e326f54cdc184

    SHA256

    ff470f677e635a5bf438f58a4fbbaf4684a04525aeb18fee7d32df0cd8acb8cf

    SHA512

    5e7fdf3c71ad0bb879d4a9c707461103017bc8443ece70b559e6be77a668752ad63d638910e0b97b133b4a6e8279722855802eb17fa67891654d53a72850db6f

    Download Submit

  • C:\Windows\System32\perfh00C.dat
    Filesize

    343KB

    MD5

    8c82726d59fa6169add2b6403d73cca1

    SHA1

    3b023d1301a8b9e921e97f7461fd6bf9298cf49d

    SHA256

    906ac94bfc88f09201f4197e37ee54212a0e2e7165cb89a6a4ba82870719bf5e

    SHA512

    5f889bff06d7b222e5f93cd431df6d930a36d2a9b2faf96a33209b3ebe382c714a289278d0bdb34847196041386d7911a192115945ddb73318933ad54a3a8e56

    Download Submit

  • C:\Windows\System32\perfh010.dat
    Filesize

    347KB

    MD5

    ee8fa5cfc3a2a88de2a43ab06b4f9ca5

    SHA1

    1399534037e8198fd30dd111a0dbb813e13534b5

    SHA256

    021fe9b24c6f64fa90d3793959429012673ce2a4b6b3f5bdc5c48ff55c9a5930

    SHA512

    9139e269260be7f9d871ae9514ef6a36756d94d74b14ad22bc9f2d471a626c1b572fb0147f85d286ddb2b103d3fe5872335e583492f0aae10a786bf69a04ab78

    Download Submit

  • C:\Windows\System32\perfh011.dat
    Filesize

    154KB

    MD5

    782187cd914885ed571b3dca1c60c53f

    SHA1

    a608aada89c4ef3bace57805965e80855bdedce5

    SHA256

    a74bd71d1c4ce22b988a8ecfbd20fc7f12eda88f1a3a562fbb990f0c31a92ade

    SHA512

    fa0b4fe4de5daac87e44f5605e4c600c6b884aae060c89bba6c6b237fee9c22b811df7174bf5efa45d50e9f1ae221b70ff771008589c7e1ed9f58d68eee91fb5

    Download Submit