Overview

overview

10

Static

static

10

XWorm-5.6-main.zip

windows10-2004-x64

1

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...es.vbs

windows10-2004-x64

1

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...ources

windows10-2004-x64

3

XWorm-5.6-...or.dll

windows10-2004-x64

1

XWorm-5.6-...at.wav

windows10-2004-x64

6

XWorm-5.6-...ro.wav

windows10-2004-x64

6

XWorm-5.6-...xe.xml

windows10-2004-x64

1

XWorm-5.6-....6.exe

windows10-2004-x64

10

XWorm-5.6-...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XWorm-5.6-main.zip

  • Size

    25.1MB

  • Sample

    241006-nswswswfpa

  • MD5

    95c1c4a3673071e05814af8b2a138be4

  • SHA1

    4c08b79195e0ff13b63cfb0e815a09dc426ac340

  • SHA256

    7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27

  • SHA512

    339a47ecfc6d403beb55d51128164a520c4bea63733be3cfd47aec47953fbf2792aa4e150f4122994a7620122b0e0fc20c1eeb2f9697cf5578df08426820fecd

  • SSDEEP

    786432:Ty5jMDNnx2+4NYobtH8VVtKqi9+i514XZ/pjYlp0:MMDNnxV4iobxibiIi5MpjYv0

Score
10/10
lummastormkittyxwormdiscoverypersistenceratstealertrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

SlX9k1N7cEJty72A

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Extracted

Family

lumma

C2

https://pillowbrocccolipe.shop/api

https://communicationgenerwo.shop/api

https://diskretainvigorousiw.shop/api

https://affordcharmcropwo.shop/api

https://dismissalcylinderhostw.shop/api

https://enthusiasimtitleow.shop/api

https://worryfillvolcawoi.shop/api

https://cleartotalfisherwo.shop/api

Targets

    • Target

      XWorm-5.6-main.zip

    • Size

      25.1MB

    • MD5

      95c1c4a3673071e05814af8b2a138be4

    • SHA1

      4c08b79195e0ff13b63cfb0e815a09dc426ac340

    • SHA256

      7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27

    • SHA512

      339a47ecfc6d403beb55d51128164a520c4bea63733be3cfd47aec47953fbf2792aa4e150f4122994a7620122b0e0fc20c1eeb2f9697cf5578df08426820fecd

    • SSDEEP

      786432:Ty5jMDNnx2+4NYobtH8VVtKqi9+i514XZ/pjYlp0:MMDNnxV4iobxibiIi5MpjYv0

    Score
    1/10
    behavioral1

    • Target

      XWorm-5.6-main/RES/XWorm.MIC.resources

    • Size

      119KB

    • MD5

      d079b64991e7ae90dcb355f1036831cf

    • SHA1

      980f639c4e3db7cea44ab28e40ccdd2c728ee179

    • SHA256

      aa4f13af48d1d3b3735a732e90163e6d302fe33a8f0041933dc76427f099aece

    • SHA512

      e6e5e21438d7b60eb9f7b6d8cc9e2a672e15dd5af2cecdfbc63dfce8e371982abbb951ce052e731daec9c86f356af54e81623dc7e72ff36a802907345d52f6b1

    • SSDEEP

      768:moZmmittmc9ik83EavHr/QS99wkwcMPliv+j4bctbK:5etYOC3lvHr/39Kcki2jAMbK

    Score
    3/10
    behavioral2

    • Target

      XWorm-5.6-main/RES/XWorm.Main.resources

    • Size

      1.8MB

    • MD5

      8d7f5438261b974eaf34287253799b87

    • SHA1

      086e994fa1ce12ebeba3c134ec9af69244e8c2e0

    • SHA256

      35a6f657c6d1db902ff3fbb3149e629acbf926c7c244bbce502c0b65cd2c536d

    • SHA512

      2e33671bf500e8a3727181e14cea8be2d4f77d4422720710056676ce4f8e6b4b2b3a9f38a0713750e7363c52af097ebb5c489c45d46c5627236d6afc81e67f67

    • SSDEEP

      24576:nm8179dddddNjYkDTFKlDy/Y3BZabuwVAeNgFfWN:nm815ddddde+MlDyg3BZaSI

    Score
    3/10
    behavioral3

    • Target

      XWorm-5.6-main/RES/XWorm.Maps.resources

    • Size

      140KB

    • MD5

      ed0eb94f77f681a3600539bb9a6cb6f5

    • SHA1

      b176e3455cd0224448e9d9b4b015789c794d8b06

    • SHA256

      f690fd15ad3c3150a48fd33962b44ec118bb3f9b210f0d0b27e3ee83420c73f4

    • SHA512

      8e097d3d8617043419154821d9721bd4f7e16f12a19f7e8873c8086872540c61e4d932e43515573eac08372a243c0ead855ebfe5488a1e6e53142c44cbb5eebb

    • SSDEEP

      1536:jjbwDfOmcgfteiMWWZoSp9wmLZoSp9wmT:nSfO0tkZAMZAA

    Score
    3/10
    behavioral4

    • Target

      XWorm-5.6-main/RES/XWorm.Performance.resources

    • Size

      106KB

    • MD5

      4c7233c83c2f749762fa0e000021e5e3

    • SHA1

      9b1a4826da8279f52aae9cf29570dd2679ada1bb

    • SHA256

      16ea3b81c6f9ad74d27c621f0b8485929dcbe293435b151124c388aa66f09c52

    • SHA512

      0f9b830fb139173f321a78b32b3166271cd5345df85b63b2a797e38cf3fa441715cc648e89768bf12bcdfcdb621273eb53b62d6fd66f5cabf6b8c40d3474174f

    • SSDEEP

      1536:LcP/zyxY/FVGJ+j+chraMRNPnLRhtAN4RRH9nl85gi:yyu/FVG8jbraMRDA

    Score
    3/10
    behavioral5

    • Target

      XWorm-5.6-main/RES/XWorm.Port.resources

    • Size

      139KB

    • MD5

      faf23924f3c859e9d570109d930928e1

    • SHA1

      6003549ef256bac573ff809a9a5d967b8106f9ab

    • SHA256

      bd3da4a9c29cb564c774bd8b8c0b79078f09b037cf2f3a8fa2566648f68a012c

    • SHA512

      227f0c0245ff48955a1ba95fcae513237c1d4f548ccba955c4b26a633e7330a312fcdea474dc87f2847b51a3694427f5227f60a77dd5168760cf28b770ee3fd3

    • SSDEEP

      1536:wi2AP+ew+ksEvCwVwLM+uvpIVyXJyozbGyMqmyVttdGFQeOPigp3dIHyYNSL:2A2ewhLapuvpAsZOyMqmyBeYVYi

    Score
    3/10
    behavioral6

    • Target

      XWorm-5.6-main/RES/XWorm.ProcessV.resources

    • Size

      67KB

    • MD5

      abfd25fb3ace375c63f8e9cd4ecff32c

    • SHA1

      d7b7f30bd62e17e1da6bad889b9f77d93c795039

    • SHA256

      1e1b3bd4c4dfe056edf30fba8d6bbf94665e9bcf936ab06db79213e8b400b61f

    • SHA512

      d8c0546d1ee9a35a7b8a3b9304ad63794b1e71d014f8c45145b60343f8140457a8711065f7a2aa87e68e1d564a45171425adab9b83adbe9491afe065d990fe0a

    • SSDEEP

      1536:io7ETH1QatyHkrVOceYM4pjq9bTQPmbYakBxBW/7jpYaGs:VYLe7HkrVOilyTaxw7jpY7s

    Score
    3/10
    behavioral7

    • Target

      XWorm-5.6-main/RES/XWorm.Programs.resources

    • Size

      164KB

    • MD5

      9f05c761cba903361771cea155ede6fb

    • SHA1

      af0311816e6f1315bf29e5a42ac3d75adf71d115

    • SHA256

      55c19900015145bee8c83f27ca58032550871a92047abf6166dbf547b6afa505

    • SHA512

      d4e049c341deeb7376e7def96e071808c9e04e085171b46af7f7096f52cf4288df19d3c2aa2c87816a6eaf5feb3f2257bd58e93f582498ad8e4fd4bcc652859c

    • SSDEEP

      3072:XfH6ZxP8NJAceI82I98CBCYLe7HkrVOiqyTaxw7jpY7s:XfH6ZxP8NJAceI82I98CBebq9TW7s

    Score
    3/10
    behavioral8

    • Target

      XWorm-5.6-main/RES/XWorm.Proxy.resources

    • Size

      108KB

    • MD5

      d6e648329cd1473e66a01a9402e907d7

    • SHA1

      ebe34259546be5638bde8ae75f96d6f70e3da62b

    • SHA256

      ee84fb0146a0a7e6bb8506159eaf12fc2888ae87b0553e1cb031e044830584dc

    • SHA512

      0d44e33084f163b0d56798ace44294825fd76478acf303ca03bbdf6dfa286cf8cd0677c50fc1a422073ec7498d13aeeaebfb89b1a4eefd55dd010c6c23c1a7ec

    • SSDEEP

      768:+SEnnnXXXXHXXX/fffbyuyuyuyonnny/vXH/zLHvEppicZXvZZHf+m:+SEnnnHXXX/fff3nnny///zLHv6JZ/D

    Score
    3/10
    behavioral9

    • Target

      XWorm-5.6-main/RES/XWorm.Ransomware.resources

    • Size

      101KB

    • MD5

      c653b8b3f18eb2a2882c2f3905b2380a

    • SHA1

      62235a88bc833fe7a41c9da2e5766306a026e144

    • SHA256

      bcea581804fc0d0e1d66c76a47f9b7bd40b81578bff0241bb4155a0c67486a46

    • SHA512

      a01927f5a4f3b1d838919074c42125d60d6e50af3e876bf614f0dd264627234973ba4b642f30040332c328587340be82f6057a5130baa0d79851fede67069a4c

    • SSDEEP

      384:r0vwtokwOdwq6upS9LvgUuYkYezHbMTb7+JZf5NXJAdDzMwA6jp:Y9XuYkYez67+JZ58zf

    Score
    3/10
    behavioral10

    • Target

      XWorm-5.6-main/RES/XWorm.Registry.resources

    • Size

      169KB

    • MD5

      d098b950169502933b9ef1f417f25172

    • SHA1

      8f40b86fa8a986588788676ecdcad5bf55c586d7

    • SHA256

      ce34680ff2984c6c4766889684a358358711d2cdf3171813ff768d7f1c9c53de

    • SHA512

      4a38f88db6a585d6a47e6da36ac8aceb15825453e5ff4804b2943be9e4053fb85206e473115e72a86c4b0c2d13fa9a1ae18ed7d96b52edd050e7e918fed33317

    • SSDEEP

      1536:6s67ETH1QatyHkrVOceYMa7ETH1QatyHkrVOceYMJ:6NYLe7HkrVOipYLe7HkrVOi8

    Score
    3/10
    behavioral11

    • Target

      XWorm-5.6-main/RES/XWorm.RemoteDesktop.resources

    • Size

      99KB

    • MD5

      0f5fc0694c9d76a6fd5b7e4158fd03e3

    • SHA1

      aa7eb852f5743e456e5737ca25e7b75ca7349b42

    • SHA256

      1dc136b225528fe4ee8020f46aa549e4bbdd76493d0579b6c1837d10acc3ba13

    • SHA512

      af3c1ff80a247ac8ee6440ff4410460603430f24557dce392b90961b77a2d978b6b75a9a606ca433ce16cc565d07c2b5fc41413c1229147194b24bbc1869c67a

    • SSDEEP

      384:rkvwKwq6uD0hAAAgAAAgAAAgAAAliIGzl8nnnJP5JJJJRetmJJJJ5gCnnnsjBy:rDnzly

    Score
    3/10
    behavioral12

    • Target

      XWorm-5.6-main/RES/XWorm.Resources.resources

    • Size

      1.6MB

    • MD5

      34986e38b463873af40f694874c1f6d3

    • SHA1

      8fa89cdb7a394cf8093d548ca9db4652c703ee72

    • SHA256

      557058bd29a5eb55ef073ea9c4dec0baea1fd3f3f4bf2cdd5ee3dfd33735e93a

    • SHA512

      c1b0278e8c21e5c28204f692a5cf5ed16c8ada0c6022d7d38e70905255f3aeb5d2c0fd4549f0ed19ead52aa0ced891a8f9372123bf5e1710be004958750874e4

    • SSDEEP

      49152:OsP2WTJcLsk9Pk6gAK6BN2NQUe+ErnuVqjNhHXH:zuWTGLP9Pk6gAK6n4ldyNh3

    Score
    1/10
    behavioral13

    • Target

      XWorm-5.6-main/RES/XWorm.RunPE.resources

    • Size

      103KB

    • MD5

      147c16f102addfdd7b756b8ee1558b82

    • SHA1

      e9aa9624bb96d369aa905d14e03db625d17d00f6

    • SHA256

      823554153d20aabf65c8635b7727dd6f26f14f79da929de9af8131314ec2c347

    • SHA512

      2df2784f5284e0808224a58fec6e12f02a5e09001c77991bf643b4304d99b633a3511551ef42e2e64f1ad6e5de0a44ff2c3b358413dd6ea6a9b08c0dfc592c38

    • SSDEEP

      384:rkvwKwq6u29Ax59IWzT9DfLtFbm44XdZcGe5Eas1gMVuM:D9Ax5x9vtFbm44XdZNeG3

    Score
    3/10
    behavioral14

    • Target

      XWorm-5.6-main/RES/XWorm.ServiceManager.resources

    • Size

      221KB

    • MD5

      776d31cf63f902ede47ccd1e09c463cd

    • SHA1

      a45e4761bc40019d6e5b72ece5d731c520d91303

    • SHA256

      fc7906c147eb0066e6cee2a528ab531b6d0ad1eb0b0a4d2a32a1be422809ecb9

    • SHA512

      f8f099d291b0ecab01d84d0c4f4480c7ea266cc79f1071d71c71ca3113f6c8594d82f192feb3b136be0e007542da1cc6a7b28b860bb3ee2e0e7747b75222bf0e

    • SSDEEP

      3072:VqR3kbym/bBGIgEJjHbD1yLHpkv+GhSx7BQFgfMyd9tbYLe7HkrVOih:lbJGcJj7D1cJkPhCprxbq9h

    Score
    3/10
    behavioral15

    • Target

      XWorm-5.6-main/RES/XWorm.Shell.resources

    • Size

      130KB

    • MD5

      a3fea8391774bbb0376e1f69eb6ee9d2

    • SHA1

      96032202ca3dee1983d1990ae856112f8c832173

    • SHA256

      7f71160fb4d68eda2e6af07f2b89416cd5668ffa5260dfbeb69391dfc5508586

    • SHA512

      10a3c77631a0d1ee80198ffe430a0a389897201ef60a8f3e9beff5125545477d8ce6ea8fa5d186ef31dc4681b62048d71fcbb3106a88f22aaa08ee75de2c842c

    • SSDEEP

      768:aoR1HiAxeglYAQ8BXIHDiJ9zUQI0xV3PrEiv/ewrmTIgdEM7XoSxSdL5NCc+Y:ayheg/Q8B59zUQISXnFmV+Ib81NJ+Y

    Score
    3/10
    behavioral16

    • Target

      XWorm-5.6-main/RES/XWorm.Sound.resources

    • Size

      189KB

    • MD5

      d867ec78d12cbf85eca15722c1ffcca3

    • SHA1

      90dc339c7ad81447758eadd2535298cfc2eb1bcf

    • SHA256

      7d7ca0ead2e362c4b2b4e5e7799b0bd115eff66abe9f7bb184734444142bfd9a

    • SHA512

      5bcbbccad3f71207e6c28784fa27e38d8c24c4d2edcdf3b55d5937974c63c9a8fe6ce311d6946ea13b669ade3c262f0c3bba82a330fbbb08a00bf066734ea638

    • SSDEEP

      3072:njXXX////ePrLaPp5+SRqRN1SMLVivg1AGA8JlT6rZQnmmQo:RPp5jyNQMLAvkAl8JlmNV2

    Score
    3/10
    behavioral17

    • Target

      XWorm-5.6-main/RES/XWorm.StartupManager.resources

    • Size

      167KB

    • MD5

      3e7ce35b2e085ba831d417d582b249b9

    • SHA1

      63926a8d61ef3eb1e9408e9c531ce35adba66886

    • SHA256

      73d138786a5f08114204491631867e44f5d1d60a683890509c7f69a78198c60e

    • SHA512

      27a6de57b2c88a8d1119232ef123e728b4f1bf9aedaae8caa026bdce9541ef61c4c3d5a59fb4c7613febbae5f5e19ae754c51a4ae9176f2eca5dc03d938048ac

    • SSDEEP

      1536:LasebR3b313F3F3goXjmtt32325JT8J8pjq9bTQPmbYakBxBW/7jpYaGS7ETH1Q0:L9eS5JyTaxw7jpY7SYLe7HkrVOih

    Score
    3/10
    behavioral18

    • Target

      XWorm-5.6-main/RES/XWorm.TBotNotify.resources

    • Size

      100KB

    • MD5

      b219d1ee4ae25f781e5bc88165839987

    • SHA1

      bcb30240b697493fd238c0d611081200a0abc3a0

    • SHA256

      6ec33992edc80f131e4a9f7f89fe9c9dba233f7c3bda8ce6e06711021e8645fb

    • SHA512

      e4d013c746ca857a135484d908fd2fca6257236b8b3cba8bc10209fdbb5f7cb3b595da15618f4713eb5cdeb7033772f72c22eb9ef5022c337d1dc3ebba67c746

    • SSDEEP

      384:r0vwtokwswq6uTq4fffjfff+7f75ArrqWKwA+apJ:dfffjfff+7f78rqWnapJ

    Score
    3/10
    behavioral19

    • Target

      XWorm-5.6-main/RES/XWorm.TXT.resources

    • Size

      101KB

    • MD5

      9cddc18b39b043d9542e5f0989faabf8

    • SHA1

      afe5c5b7d6a978ac504ec272c1e8dcaaae1d5b34

    • SHA256

      1ec2de5a4bb61ecb3a2e57da228d3c9f278853b21ead5553643bbaf6c6706b50

    • SHA512

      b9da58a39c39cfa665e63af0ea206ccbdeaf7452f801b3d2d9bd89e643c3c729de172ff6f86b8389d94f2f0ae92153275f4cb1a30fc60fa93e5fdb717cfa4a8a

    • SSDEEP

      384:r0vwtokwzwq6uCoAf+q7xVsFoSNDUSh+w6HvQdBeQanPw9h+w6HvQdBeQRzrh7ji:2iB7bsnWfffJFB

    Score
    3/10
    behavioral20

    • Target

      XWorm-5.6-main/RES/XWorm.TcpConnectionForm.resources

    • Size

      169KB

    • MD5

      84f1c4ac6a6d9b44bc830ab1129da3ee

    • SHA1

      55b207a19d11950267ce10e914c0b4adcad52f1c

    • SHA256

      5d1dcb82a528c97aa161d0ffa742032abdc3e911125d2171768ceeacf8fb9285

    • SHA512

      4faaff764f6074216c5d9a5493e949ffa6e0cf32a74181d8141d0e3d5b5795d3afd3dbf79f9bd2890d37f420205cd75328d8e488424e139ea1aa7fc9898c0aa2

    • SSDEEP

      1536:ZLnTGFCnE2TeaHXvSQ7ETH1QatyHkrVOceYM/pjq9bTQPmbYakBxBW/7jpYaGs:ZTUEeM/hYLe7HkrVOiqyTaxw7jpY7s

    Score
    3/10
    behavioral21

    • Target

      XWorm-5.6-main/RES/XWorm.ToolsBox.resources

    • Size

      241KB

    • MD5

      73bda4b934275a61f1ca27e88299a29c

    • SHA1

      63cb4ac6a9b0dcac53dfc35bcc817ddf46e5e399

    • SHA256

      f6a8d146ab66f03723e3ab551b1579f695947cbed073727af9fc396b2613f62c

    • SHA512

      9f2b82b1971a195eea9401084edf15f33694b3ff757b3c1b71d80315425c6942a3e924b9fb2681419f256128257682565ad13d78570db41fcb3e9095269cfdd0

    • SSDEEP

      6144:626twOOCanAtwOOCantAHzfadhIVBfVBd:62iwO7wOf0I3F

    Score
    3/10
    behavioral22

    • Target

      XWorm-5.6-main/RES/XWorm.VBCode.resources

    • Size

      174KB

    • MD5

      76d53ae7107963acbfcd4597019c7f06

    • SHA1

      6d01fa4b76be5007a5e1b6a7068ef32e8c09b258

    • SHA256

      0a8d6cdc13ff8387d4216b31384339e56fbe205ebbbdf1dc3f8f4d8587007ffa

    • SHA512

      8c5a7fae83626de3f87b0b6ab382e2b2d60e002a701c87d7ede28fd976d34e7d88d664a72c22c956c2f54e0b93150634e8ed535d4b04b2d65f2516d6cbe4a270

    • SSDEEP

      1536:fYWQm2zLGIBhvbXetsYOIw1AVLx9WXjbR2H8fsSp4KNcEq8YnFBT2L0RjpY6Wjvb:zQ1mInYW1jXjN2asvF8YnFBZxpYxvh5

    Score
    3/10
    behavioral23

    • Target

      XWorm-5.6-main/RES/XWorm.VoiceChat.resources

    • Size

      121KB

    • MD5

      9b4613ca9da1999c6b521410d75e417e

    • SHA1

      4671b2d8ce2280fefd6bd7aafbbf709ee0f554c2

    • SHA256

      1e5b9f16f88c4de8c4a3ad03cb318815f92c40f89eabcfdd1ad0483a41113527

    • SHA512

      a107f4d40581c2380b745a54640fd1ae5aa6ebde04310077074de22444b5adf3e64206c078cffc10725a77add0d023e52c2d763920e2e8941fd2f3ec58ec3e0c

    • SSDEEP

      768:V2bS6Pq2Ykkk+p/C+5hKf9wkwcMPliv+j4bctbK:4up2SFl5huKcki2jAMbK

    Score
    3/10
    behavioral24

    • Target

      XWorm-5.6-main/RES/XWorm.WebCam.resources

    • Size

      100KB

    • MD5

      0a82ee1d886148e7b149c3b4745ab653

    • SHA1

      a6b3e0127fa58c4479d5cdc4bcaadd9b6e666424

    • SHA256

      0ff62be2bcacad7ddda3b3cc32fee9c0a1c3bb5d72d81318728c1805204b2433

    • SHA512

      6a13d2e45d710d80970dfdf0bc09ec0709fc88e62d22c4aa2cfe6c8dab18bee14e134d613b1fcf8204b70cd9950c82d040eaf718a97a8f64502d05e3ec9f6c0c

    • SSDEEP

      768:LVLgN8K///iee8xxpe7ee8xxpe7ee8xxpe7ee8xxpeTD28g806Pj8ql:a1xxzxxzxxzxx2n0Tql

    Score
    3/10
    behavioral25

    • Target

      XWorm-5.6-main/RES/XWorm.ngrok.resources

    • Size

      101KB

    • MD5

      b776cefaa200763a77bf55211c838b3e

    • SHA1

      4296aecaec1f77623dafb7e34a76c8b25ef6bff3

    • SHA256

      b7e3e334ae48421bd3cd08679d94614e3f5c2d5847aff6eb7e06532966a43013

    • SHA512

      19fbaa3369ff3424bcd6fdcd35c677b686bc465bb558e8933a93ce0997bf782929f4cb5c1e2022d0d3ce3f54d4fb6bff25b11444760972919d3ba0fc00aae7b0

    • SSDEEP

      384:r0vwtokwPwq6ub5wAlec7vxohnxNQI5EOyK/WdpcN6Y9F/2KWowAglB:JMKyqNri9B

    Score
    3/10
    behavioral26

    • Target

      XWorm-5.6-main/SimpleObfuscator.dll

    • Size

      1.4MB

    • MD5

      9043d712208178c33ba8e942834ce457

    • SHA1

      e0fa5c730bf127a33348f5d2a5673260ae3719d1

    • SHA256

      b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

    • SHA512

      dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

    • SSDEEP

      24576:FDy7cKOfkiRrXP5WtJvW1mpjSWr7uoZme1V86:+8/AtJes1LJ

    Score
    1/10
    behavioral27

    • Target

      XWorm-5.6-main/Sounds/Chat.wav

    • Size

      45KB

    • MD5

      832a3652fd780edcdb2439ec33532c0d

    • SHA1

      f0754ee6519d77700f5ee5b744b8c99386d7b577

    • SHA256

      45f4136e58a5f749d125d2ab54308f81954d2c5b364b66013660a6c358845d1e

    • SHA512

      3b3b55afcdfa00d9b7085b20ed52a7b4d8b7d403f5d0d1c539781db1a20257efd8c856e19b8f32ea33766a580690b498ff063849519691a9a4cbbcd3e9447cd4

    • SSDEEP

      768:QVPqefmaP5C3KduJn13jSHYHzIcr6DPW75Pvi3Fy5NQbIbhuJLA+LhDclY3Rp6:yP1mU5GlJnBS4TIQ6o163ofQ8b4Pfm

    Score
    6/10
    discovery

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral28

    • Target

      XWorm-5.6-main/Sounds/Intro.wav

    • Size

      238KB

    • MD5

      ad3b4fae17bcabc254df49f5e76b87a6

    • SHA1

      1683ff029eebaffdc7a4827827da7bb361c8747e

    • SHA256

      e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

    • SHA512

      3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

    • SSDEEP

      3072:FU3hYG9X9JzhaLL5+QYKHZDa6D+4LT92KEpcP+b8FGUt0Ybs5e9jXjubLtNmBNs9:GjVsLL5lva6D+4P9llWvaGe9CHeBNm

    Score
    6/10
    discovery

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral29

    • Target

      XWorm-5.6-main/XWorm V5.6.exe.config

    • Size

      183B

    • MD5

      66f09a3993dcae94acfe39d45b553f58

    • SHA1

      9d09f8e22d464f7021d7f713269b8169aed98682

    • SHA256

      7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

    • SHA512

      c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

    Score
    1/10
    behavioral30

    • Target

      XWorm-5.6-main/Xworm V5.6.exe

    • Size

      14.9MB

    • MD5

      56ccb739926a725e78a7acf9af52c4bb

    • SHA1

      5b01b90137871c3c8f0d04f510c4d56b23932cbc

    • SHA256

      90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

    • SHA512

      2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

    • SSDEEP

      196608:P4/BAe1d4ihvy85JhhYc3BSL1kehn4inje:PuyIhhkRka4i

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral31

    • Target

      XWorm-5.6-main/XwormLoader.exe

    • Size

      490KB

    • MD5

      9c9245810bad661af3d6efec543d34fd

    • SHA1

      93e4f301156d120a87fe2c4be3aaa28b9dfd1a8d

    • SHA256

      f5f14b9073f86da926a8ed319b3289b893442414d1511e45177f6915fb4e5478

    • SHA512

      90d9593595511e722b733a13c53d2e69a1adc9c79b3349350deead2c1cdfed615921fb503597950070e9055f6df74bb64ccd94a60d7716822aa632699c70b767

    • SSDEEP

      6144:3PkcFUUUQHs5TlOhDuy4VjmSO6/tU4j06xeJyCjvhsXZ4m05d0qCsfBLuWWCV/rr:3McWUUysz/NhKjJPhM4/5bV/rvgE3

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

stormkittyxworm
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
3/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
1/10

behavioral28

discovery
Score
6/10

behavioral29

discovery
Score
6/10

behavioral30

Score
1/10

behavioral31

xwormpersistencerattrojan
Score
10/10

behavioral32

lummadiscoverystealer
Score
10/10