xworm

Resubmissions

18/10/2024, 00:32

241018-avtvesybqp 10

18/10/2024, 00:24

241018-ap6xssveqg 10

Sharing

Copy URL

Twitter E-mail

General

Target

Xeno-Executor-v1.0.8-main.zip
Size

4.1MB
Sample

241018-avtvesybqp
MD5

5f092e0d074a1a45f22db0bd55c0931f
SHA1

9294aa768de3f0ef8a6468854e2d118c5a72d6fe
SHA256

5f6b7fac414c602989c14283e4bfd01a9dad04d84d178a4fd108d1e5d133eaf4
SHA512

346eae473dadbd7f05743ea02a49fc4c1fd7a92d8b7e09fa8f8291a5ddf3619e6c0ab1196e4d46a930e54c110abf461966fbf4dae5fff1cf6dfd756b46d2a0a0
SSDEEP

98304:4FP5+BAtOValm08CkdzmbjjgAPd1fJ+BOxbaYZ01dvpbN8:4L+B6O8lmNC4SbjjgM1fJ+S1UlS

Score

10^/10

Malware Config

Extracted

Family

xworm

like-minute.gl.at.ply.gg:57419

Attributes

Install_directory
%AppData%
install_file
antivirus.exe

Targets

- Target
  
  Xeno-Executor-v1.0.8-main.zip
- Size
  
  4.1MB
- MD5
  
  5f092e0d074a1a45f22db0bd55c0931f
- SHA1
  
  9294aa768de3f0ef8a6468854e2d118c5a72d6fe
- SHA256
  
  5f6b7fac414c602989c14283e4bfd01a9dad04d84d178a4fd108d1e5d133eaf4
- SHA512
  
  346eae473dadbd7f05743ea02a49fc4c1fd7a92d8b7e09fa8f8291a5ddf3619e6c0ab1196e4d46a930e54c110abf461966fbf4dae5fff1cf6dfd756b46d2a0a0
- SSDEEP
  
  98304:4FP5+BAtOValm08CkdzmbjjgAPd1fJ+BOxbaYZ01dvpbN8:4L+B6O8lmNC4SbjjgM1fJ+S1UlS
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Xeno-Executor-v1.0.8-main/Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral2
- Target
  
  Xeno-Executor-v1.0.8-main/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral3
- Target
  
  Xeno-Executor-v1.0.8-main/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral4
- Target
  
  Xeno-Executor-v1.0.8-main/README.md
- Size
  
  2KB
- MD5
  
  c030e5c8077037f04f6f68e4082e56ab
- SHA1
  
  48bb4987794ac961a26f9607ad2a95224b9282ca
- SHA256
  
  cb5c119e8765e2287cef7b7ccab9c43497519613f6a80fe408bf24ddb55b5604
- SHA512
  
  d5273f5472ff24931052d479312f817c738f0fbb634df27a49a9b5df5f2707fc4d026125bab732c0f06a3e9d70f1fa2cfac644e9e885d2ca7f7c9e76416ef3b7
Score

3^/10
behavioral5
- Target
  
  Xeno-Executor-v1.0.8-main/Xeno.dll
- Size
  
  921KB
- MD5
  
  dd4e31ef1fe1a2a31fbf8f58439cf092
- SHA1
  
  8ecdbc11ab0b3553c1c7a02d01ad68c142d8671c
- SHA256
  
  21c8e1a52b1bf4a0a6fe869665db02f62bc47f9b2431f202cbbd61bbab75b1b6
- SHA512
  
  a3678b5ae47c947e498a902afad57041cb0ac5ccd707a98ff39790f0120e207efaff4058511042ded8ef0081b722e962a7eef39f08a1cbc8984f86b5eba364a4
- SSDEEP
  
  12288:Mvo4cyJBdjpYwe/ChT6LmwrDElm/B0/So8pTXZbpB4KT:MvvB1+weumzDElgB5p1L4KT
Score

1^/10
behavioral6
- Target
  
  Xeno-Executor-v1.0.8-main/Xeno.exe
- Size
  
  53KB
- MD5
  
  f181bd676c27c82a9041018a1b31cc34
- SHA1
  
  e5e146d152b5e0e1f533e99693d3226000a68816
- SHA256
  
  20919e71c5aa9728b8dbd5475b0efabf3a7aa730be17151a9bb2dd21fa1e1dce
- SHA512
  
  e7b089deb4d23087226f2d5377931466acded58e82f67f7a8bc8e0a20e5bf135c8ea7fce117fb0353357b0a08c3f474a906fe7774d65f9da720de3b19013451e
- SSDEEP
  
  1536:PwssRhl59X3CDNkg6LbcvHbpE42c3UiOQ9GHnUpKX:Pwtl/X8Hbp+c5OQMZX
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7
- Target
  
  Xeno-Executor-v1.0.8-main/XenoUI.deps.json
- Size
  
  1KB
- MD5
  
  1d9878fc41040177b8d42d7e2d16b139
- SHA1
  
  329e72f0ea87331a5a042a4c528fd4c154dd5f17
- SHA256
  
  0bbd19d229e6072fe8d9bbcaebf69c35177386329955f6ecc63c27146296ce0c
- SHA512
  
  eae3f122975afaaf60629296392285f5c43000becb2c9e9d65f86e53531878dae51ac7780b11abc94e65162a41c472165c35a770e5230f84d949ec996b40c287
Score

3^/10
behavioral8
- Target
  
  Xeno-Executor-v1.0.8-main/XenoUI.dll
- Size
  
  63KB
- MD5
  
  561811077e02f3f89cf6746859d13628
- SHA1
  
  f16dd63bf27052ad3a8dec5397e2ea8c63fb17c8
- SHA256
  
  9c9384a4e76023c8b0f950922807f02fb96d7d94c9d6d8e8e932d5583ca7be5b
- SHA512
  
  173ffd18e2efa343a895ee28cef7508ae49629b338a62945ed74e2c1f8353f0719bdf6691f6f1f4b647f0e1e576e0323f9a407adcb15c38aaaa20d7a095ca094
- SSDEEP
  
  1536:G9Rlp39Tr/mbZrBSp9rlCM/APHV5y67sMP+:GH9Tr/mbZlS787Pby67F+
Score

1^/10
behavioral9
- Target
  
  Xeno-Executor-v1.0.8-main/XenoUI.runtimeconfig.json
- Size
  
  458B
- MD5
  
  07b9a30265ca4e69c7016a1b6e3ffc27
- SHA1
  
  3a4af82a2695b1423aedd8b60a5c86793c011b02
- SHA256
  
  c71152bf25e40d647b2440c5b39be157a3d356106be9d5b678ab97bb87b4e782
- SHA512
  
  efd582f8edcdba5ef48d02eee5f73d83ff35071af99b49e08e0213928568d728d0856e3b903bfcccb9237f786846cf94da83139f99e9bee86287aff2071c3f1c
Score

3^/10
behavioral10
- Target
  
  Xeno-Executor-v1.0.8-main/autoexec/del_me!!!
- Size
  
  1B
- MD5
  
  68b329da9893e34099c7d8ad5cb9c940
- SHA1
  
  adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
- SHA256
  
  01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
- SHA512
  
  be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09
Score

1^/10
behavioral11
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/index.html
- Size
  
  164KB
- MD5
  
  a9793319d1395e6f3564bba48465d42a
- SHA1
  
  1db3ca7fa5e0270c4e278755983d7af83110db0b
- SHA256
  
  02ac2ceafc55b77fc9ae9dd8c15285a4bb0247f5851ae601c9cbfef5228a8325
- SHA512
  
  f2d0fc7c9ab587cbf394ca0bef4647bf2f9370478c4ad9595192f3d03a35d74f514df9c8ca127a547db7a2dbd7ef988814cd9c05f907ef2e39c436e014f2c9c8
- SSDEEP
  
  3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblL:64J09BA3pZaFD48VOAGUWYPjdlLJbRB9
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral12
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/base/worker/workerMain.js
- Size
  
  133KB
- MD5
  
  d0ac5294c58e523cddf25bc6d785fa48
- SHA1
  
  1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5
- SHA256
  
  e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b
- SHA512
  
  fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb
- SSDEEP
  
  3072:bzjH/zYJc5c/7tMLrJ78II4F9N8+em5W+:XjH/zYJc5c/76LrJ78I7BL
Score

3^/10

execution
behavioral13
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/basic-languages/lua/lua.js
- Size
  
  4KB
- MD5
  
  eebda1fdd970433750c115eae2f03865
- SHA1
  
  3f1a1cddb99dead013eac825eb418241656d4bf0
- SHA256
  
  ac729efb3164f48d6b08f74d4b15060c126a30d40fb4cd4fc9cc94f2e19bd7c7
- SHA512
  
  8b188f3ae73a14a9318dce9761312d9dd2360ab00ee36e83ca6b74288a109c91770954db7537fd84a76707a1e79528fffc97f3a718bcd924545b469a1363c9cb
- SSDEEP
  
  96:HDGAW6FJJJkCO8evcIWtdrvrg+1/sLMiWAOKjLobLMzD:BWCDqC20IWtZD92pzOKvomD
Score

3^/10

execution
behavioral14
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.css
- Size
  
  294KB
- MD5
  
  23c7db6e12f6454ef6e7fb98d17924d8
- SHA1
  
  06398b44a338db5eeab2d461347334fc69af5af1
- SHA256
  
  615824c59ed1e07f5924286e9f02f3120b9064d59e115d3f668a914e07839451
- SHA512
  
  5ed3103e4f6640ca71e103e7f3752aca3027d8c563084d519f9d6358018ccdfacd0c4c08b69e510f88effa2b56dce04241ee7f92f3db99d9077b49ed7271d924
- SSDEEP
  
  6144:TzsUTrsZ7KcNkuwcv2As0aMY/Y/RR9MtpWKco:TzsUTrsZXkW4/50i
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral15
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.js
- Size
  
  2.1MB
- MD5
  
  a7e3083cfe200263edfb4bf011b893a3
- SHA1
  
  18b52dc38e7a8a612892f5e60a08d9b19e1f472f
- SHA256
  
  9e2fb6171592f7a3c33d3b5baef58b516b36473ff7717bbd643574991923435e
- SHA512
  
  6bbb149102958e23c42accbbd18595fcfffd547bb826f2309956c036983692e83b7313567a42e50d98a1c946fab554e32b77ef4d0f8bc0cc7f0dda196fd7e23b
- SSDEEP
  
  24576:jFFExk98EXl2uRJxjP3Gdv6QLtQ2MbRpn:Yxk98EXl2ixjP3Gdv6QLtdMf
Score

3^/10

execution
behavioral16
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.nls.de.js
- Size
  
  46KB
- MD5
  
  d1fd2fb756c73970b9c5e0ba07bff708
- SHA1
  
  470057b3244886dccc9f6074297cc8bc2a9c1b39
- SHA256
  
  cb1c3416ff242a738c45c3b2590d7d222b159a95a69ce3b7b8d7c8d18ea70828
- SHA512
  
  db2432182ff4c85fcca5093d0e433ed9cf5bed3ea3db9ed82fedc87af4d260e0d0f29ff67f0b8ac78e162586a74998ad082a91e8f9a76717827a83d5b2f775cf
- SSDEEP
  
  768:ocuLC1xYdRB1a3Xq1GdigBoQqAaI/QQUEYPxFpXT1kF7bJZYmz7lehjDWMQRBk3Z:oclxgVuXq1GdiRQqAaI/QvEYPxFpDkbg
Score

3^/10

execution
behavioral17
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.nls.es.js
- Size
  
  46KB
- MD5
  
  36f546b28ca17ece9f8eb9bcf8344e13
- SHA1
  
  d43934b9041587799e332b2f568aa81666227258
- SHA256
  
  327437ee3793e9ae0686c78196b459592c282ed2e86f95ce28d32693b76d7654
- SHA512
  
  13f8cc23038c07b6840514db4fc7b503b7a38ae1ec3baab44f1bfbded40ac50ae03c05c754f9678eecd0c8fcefab958152b39b731068b8c2c976c4c57e97f36d
- SSDEEP
  
  768:oX8nKFyVgAYwTQG8zHqIkGMvnmvoKA9OfxjB3EVuU13pjbazPn0ANy7+IkLDKPp9:oMKFyVRcdzHqIkGMvnmvoKA9OfxjB3E5
Score

3^/10

execution
behavioral18
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.nls.fr.js
- Size
  
  49KB
- MD5
  
  1a29080733878dd44e0c118e84cd0c39
- SHA1
  
  60c158e23962b11918f6cae26445fad5b63bc65a
- SHA256
  
  6ed837dc1905c06a20d102921ff06a0bda003c5368ed0576bf7e69494e889ae8
- SHA512
  
  5cc68cabb583100320d7c875fd7c46f5c618c3968ac2a7c2b60f90ec74b29349a557049c17d5c851cabb54d5ef26cd65e8d2288d70b62ede06ee1762e25dbd60
- SSDEEP
  
  768:op8flgb2uZ5CcXQ6Q3edz3uzATaY3l0y+wj90TWIvkU5BkREPTtOjNjZocYV3A4k:owliv5Ccg67SATaYVKPkRskjNGBAa3k
Score

3^/10

execution
behavioral19
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.nls.it.js
- Size
  
  48KB
- MD5
  
  18e88f58301ad5ae926204507ab99c6b
- SHA1
  
  8eb03235312e88b941f3be212c0efa12b24e6d5f
- SHA256
  
  4fe2c4420294758883e134bdf7da9e6c2abf631d3a89c765f32f6c1d0f62653c
- SHA512
  
  f66283ec4182e9062f9f03a83acb3f2a49b98fb9ef67e48eaf5227236919ca279831b822fcb3ae252cfeafd81d12fe9c89a2843d91ab140a2b79b6bbc1d4f013
- SSDEEP
  
  768:opTEy7izsuMa01VaiYR2L8XoXNj8YtvnYbP4ymMb3d/gyKJdnPTrysribj5K3m05:of7fQ2qd4yq2FA1J1qn4VN7CgL
Score

3^/10

execution
behavioral20
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.nls.ja.js
- Size
  
  52KB
- MD5
  
  3bf851cc70f515cbbe1d39da93e4f041
- SHA1
  
  88fe6323bbe14b55b6eec078574318e8474be613
- SHA256
  
  1f3556ea7233843b9e08b3c97b6727c533d702563e195c2090a438070dc85f0f
- SHA512
  
  61ffe9ec3550d2f8dfbc30d7d61327584833bb714a9d2cfc9788449190089dbdeaa293bb9921a43da782e1c36b7d242e13ac052b46210d2e79793626e921169d
- SSDEEP
  
  384:hyd/PwPtm+04LZ+FFHr0ZA9qOSTvvIEveG1vz14NdahWMpA1Uj4vHbX3IPDScLBV:olP4LsIOCaT3lJr/Tvk6892vU1ssD
Score

3^/10

execution
behavioral21
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.nls.js
- Size
  
  38KB
- MD5
  
  e871d4d9539c26d7d2bf32801ebdecf0
- SHA1
  
  711460f619ef09fa23d272d97bfc00593a5319a8
- SHA256
  
  5ff0084e6a7eee82a735616239aaf2190ea9d90e89e19340831f3d590828016a
- SHA512
  
  b6b9bf96c132db9dfc99d70320231630fc46a8a83f500d8e4f677e2d03206364f2666946f69061dcba2e759f005261dae1ece73e054aa56b8210551bc353cced
- SSDEEP
  
  384:hy38McmvQkKEQq4xlX7lrp1E1bIJUeYB4jV87XfVGT3H6Sq6Q4wCJjoce1u6I7JS:o38M7fQq4xPj7+lJcYYKqkGSVetbesy
Score

3^/10

execution
behavioral22
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.nls.ko.js
- Size
  
  46KB
- MD5
  
  60fcd422ac97a1b645ff48cb6928f7af
- SHA1
  
  da5b57dfbd257720155e303f0e75e263f0e74190
- SHA256
  
  98e649fa40d8e2ccfdc212341feb8165a7d7bbec31e8a77d9819ad9474e4b8ba
- SHA512
  
  52439f47f1e12ccf37db40f9fa8fa4966579cd6b327cde1768187cd7fdc7ebdd444e1953e29ed09bdced40d764c2e8f7131d44908c00bfd350e856a9df661aa4
- SSDEEP
  
  768:oNOnmkUxK1pLkKgljQM1r0xXDj8kE6q2XlGZrAPPvzcDzr5u1QrWp4cX6go:o4ZUxKgKzxzrE63GZrAPPkrmQKp4cX6L
Score

3^/10

execution
behavioral23
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.nls.ru.js
- Size
  
  75KB
- MD5
  
  6e7d5b984917b00f131c47473ce2b866
- SHA1
  
  97f94134ff8f73ab48c0635550f2d8054c239c7f
- SHA256
  
  1bb069d95a395bf258d1f262814591aa762c4b30529adde32ccbcaa7c7ca508d
- SHA512
  
  f2595e7e1812073c50bfa058db3c7918dd8d7a6f0d20a576c68d854a4c61ed74bef3ad5ab23430567065677d737d81c7f17010055a069b9e38b5594d65e882a0
- SSDEEP
  
  1536:ox/PFmMhjpIMbBBKOXnPCSHhiaV6can9oA2yG+YQI/Y:QbhjpIcB8OXdHhiXcanGA2yGiI/Y
Score

3^/10

execution
behavioral24
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.nls.zh-cn.js
- Size
  
  36KB
- MD5
  
  05e49314cf801f5d3992b55243690ea7
- SHA1
  
  c20fca9f037adf2edec34ccf67a08e56d1d71bbf
- SHA256
  
  e9adc8ffca9853ef6e0bd4e955af9f395a570bc7772fc2dac0c0ff241aac864b
- SHA512
  
  7d499b41ae9bee2e72b721a49c0d053029624b19af1ede71a4378e14d3f6b407539c18d29422fb8d21681ce7dc160d2f11e80064017f5c8a5f645d6c1a77cc75
- SSDEEP
  
  768:oJbVMLHwwytIMTAlthuIjOP4CAz9NlL2/AdszzHsVBI/C4j00llmR+V66U:odPPZ+huIjTszzHs3IXj00llmMV6j
Score

3^/10

execution
behavioral25
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/editor/editor.main.nls.zh-tw.js
- Size
  
  36KB
- MD5
  
  becbf441d95b0bc1565faf47ce9de373
- SHA1
  
  f660a8a29dc9861f7ff7e228622d492f1630b873
- SHA256
  
  94a7ff81b8ec3217a46bc5cdebe2c6aee98f73e6e902b7d9cf394836d052bbe5
- SHA512
  
  feee8ef6e36984309186b8ff491982efe4f144859c3f48d147b26bd61af6af751e013a951e945f02a2057368b485204734f6dc50cd6fca6294426b7fbdbcaa4f
- SSDEEP
  
  768:ozietcy+xQHM2k00fZvOHRUJdFF/JlN+QVtWrn05IxXUeqJ1wrv6Vl900U1LjK1G:o3sxQHM24ZvtdFF/zN+Q2LUeqJ1wrv6y
Score

3^/10

execution
behavioral26
- Target
  
  Xeno-Executor-v1.0.8-main/bin/Monaco/vs/loader.js
- Size
  
  29KB
- MD5
  
  bc15bb48d4d5c60ce7f16819f4d988c4
- SHA1
  
  87c7f328aa357d52b68b2cea0a214365a40cdc36
- SHA256
  
  5c3cf09973404ba31d760952f267751ef2bb09f315331d13ca432b65ce2c480b
- SHA512
  
  b5d7481773cafd01f3d738949a54e49c166c9a8fea3a150f6f0eed7449176d630991e27544a4e7b23fdad29700ae7fbba5de42f97c69874b6f2ad374194a9853
- SSDEEP
  
  768:o7J6CgCAqoxgiwYeMX/so92s8hHlDmc0yvrCfS5kUN+WV+X7:oV6lC8fwYeFKcV5k
Score

3^/10

execution
behavioral27
- Target
  
  Xeno-Executor-v1.0.8-main/bin/editor.lua
- Size
  
  138B
- MD5
  
  b9b1a02e7687554b7d60040fbef3260e
- SHA1
  
  b97860c03bd939651db2a642f4a26695821797dd
- SHA256
  
  1dda4b857cd4c2c7c398f07b117d738dbfb0ccbd1bc7d7120618d901f9cf052a
- SHA512
  
  53d70f7b99229708964b3f114c4aac8dc3329a96754fae493a86858a945f42960db14ebe19656064d9ba8eb26aac5b91997ed1b2c8a3ed58aa08bd3f4fd61396
Score

3^/10
behavioral28
- Target
  
  Xeno-Executor-v1.0.8-main/runtimes/win-arm64/native/WebView2Loader.dll
- Size
  
  136KB
- MD5
  
  8f2648cd543236ef1b4856715731e069
- SHA1
  
  c269e906556c160201fe229b9f6f3dde26888ac4
- SHA256
  
  77152af4472dc7741901ba69ce3a670992546eb2f5eda3db7fee135ee0037de0
- SHA512
  
  26bd06330e690dc73534ec2c54cd75149c0e96cbcfb34b9012532223db51d98b37b8b5c507d8d1a9b3829ea49493981d79cc1e5aaaa5b0d4b796a72f4420f2cc
- SSDEEP
  
  3072:VgpD1l8o58rpoJbMPN6OSBTj0zEtJW6hGo3:aphl8omrhlzEtJNhn
Score

1^/10
behavioral29
- Target
  
  Xeno-Executor-v1.0.8-main/scripts/Sine Wave.lua
- Size
  
  1KB
- MD5
  
  0bbb2aebfadc119226992045dcaa30b4
- SHA1
  
  6939f7c1f4fa7ac0f81e9dabef32fdb24d120e72
- SHA256
  
  a5f5aca3ac216ac9040d0425eb52b1465674d8cd79d928474562d9a644ff4f0b
- SHA512
  
  b433ad6f5d365c58e2260588fae7a3cbecbfe734daff125ce18b6673c629c1b6bccd6142ea49c2c77d57dbe9ab2d02b2897fd2d7c592d524952a62348715bbf8
Score

3^/10
behavioral30
- Target
  
  Xeno-Executor-v1.0.8-main/scripts/Spinning Donut.lua
- Size
  
  1KB
- MD5
  
  967403f0ecb43917e841a085851b732d
- SHA1
  
  b09f3bef3e9fe87970b48db46529c611c302db16
- SHA256
  
  cb1a35b6ae394e479b97aa1f946ca21b8794dd0d60b08b85bf89fa5b35a4d8da
- SHA512
  
  34e83a25f330243faf86b62923a873a9104fa62f756a66074905f7980475581eded0a92cd88b6beba9b6424fb7f2a9cd743627871f80d51ff36c39f28ccb29b3
Score

3^/10
behavioral31
- Target
  
  Xeno-Executor-v1.0.8-main/workspace/del_me!!!
- Size
  
  1B
- MD5
  
  68b329da9893e34099c7d8ad5cb9c940
- SHA1
  
  adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
- SHA256
  
  01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
- SHA512
  
  be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Executes dropped EXE

Looks up external IP address via web service

Detect Xworm Payload

Xworm

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32