General
-
Target
XWorm-V5.6.zip
-
Size
25.3MB
-
Sample
250209-ay7kpayrdw
-
MD5
278f46d169c34e63c670df069261a331
-
SHA1
845e392a91e153be59387073c8ae34e3693e58e8
-
SHA256
ee0b405b3e166fa9c1062ac6bed228b4ca7f990ce2dc62305d15ae4b3e6e35f1
-
SHA512
da520eff0473baabd20cd44bbe29b40c787b493bca11bcd925019c82740fb0230e328fd77d12a41535293bc3579437f44b4a7f8902c33f78decbaa9befb842e7
-
SSDEEP
393216:sG6433DDU9Pr/rQSbu4s+tR2vQ5HOiPNKfsbQA1G7cjNAuR1Fwt2TWx4qXkiQo1H:tDUpzpbrj2vku68SQA1awAuvFGjUi/ZZ
Malware Config
Targets
-
-
Target
XWorm-V5.6.zip
-
Size
25.3MB
-
MD5
278f46d169c34e63c670df069261a331
-
SHA1
845e392a91e153be59387073c8ae34e3693e58e8
-
SHA256
ee0b405b3e166fa9c1062ac6bed228b4ca7f990ce2dc62305d15ae4b3e6e35f1
-
SHA512
da520eff0473baabd20cd44bbe29b40c787b493bca11bcd925019c82740fb0230e328fd77d12a41535293bc3579437f44b4a7f8902c33f78decbaa9befb842e7
-
SSDEEP
393216:sG6433DDU9Pr/rQSbu4s+tR2vQ5HOiPNKfsbQA1G7cjNAuR1Fwt2TWx4qXkiQo1H:tDUpzpbrj2vku68SQA1awAuvFGjUi/ZZ
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
-
-
Target
RES/XWorm.Port.resources
-
Size
139KB
-
MD5
faf23924f3c859e9d570109d930928e1
-
SHA1
6003549ef256bac573ff809a9a5d967b8106f9ab
-
SHA256
bd3da4a9c29cb564c774bd8b8c0b79078f09b037cf2f3a8fa2566648f68a012c
-
SHA512
227f0c0245ff48955a1ba95fcae513237c1d4f548ccba955c4b26a633e7330a312fcdea474dc87f2847b51a3694427f5227f60a77dd5168760cf28b770ee3fd3
-
SSDEEP
1536:wi2AP+ew+ksEvCwVwLM+uvpIVyXJyozbGyMqmyVttdGFQeOPigp3dIHyYNSL:2A2ewhLapuvpAsZOyMqmyBeYVYi
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.ProcessV.resources
-
Size
67KB
-
MD5
abfd25fb3ace375c63f8e9cd4ecff32c
-
SHA1
d7b7f30bd62e17e1da6bad889b9f77d93c795039
-
SHA256
1e1b3bd4c4dfe056edf30fba8d6bbf94665e9bcf936ab06db79213e8b400b61f
-
SHA512
d8c0546d1ee9a35a7b8a3b9304ad63794b1e71d014f8c45145b60343f8140457a8711065f7a2aa87e68e1d564a45171425adab9b83adbe9491afe065d990fe0a
-
SSDEEP
1536:io7ETH1QatyHkrVOceYM4pjq9bTQPmbYakBxBW/7jpYaGs:VYLe7HkrVOilyTaxw7jpY7s
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.Programs.resources
-
Size
164KB
-
MD5
9f05c761cba903361771cea155ede6fb
-
SHA1
af0311816e6f1315bf29e5a42ac3d75adf71d115
-
SHA256
55c19900015145bee8c83f27ca58032550871a92047abf6166dbf547b6afa505
-
SHA512
d4e049c341deeb7376e7def96e071808c9e04e085171b46af7f7096f52cf4288df19d3c2aa2c87816a6eaf5feb3f2257bd58e93f582498ad8e4fd4bcc652859c
-
SSDEEP
3072:XfH6ZxP8NJAceI82I98CBCYLe7HkrVOiqyTaxw7jpY7s:XfH6ZxP8NJAceI82I98CBebq9TW7s
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.Proxy.resources
-
Size
108KB
-
MD5
d6e648329cd1473e66a01a9402e907d7
-
SHA1
ebe34259546be5638bde8ae75f96d6f70e3da62b
-
SHA256
ee84fb0146a0a7e6bb8506159eaf12fc2888ae87b0553e1cb031e044830584dc
-
SHA512
0d44e33084f163b0d56798ace44294825fd76478acf303ca03bbdf6dfa286cf8cd0677c50fc1a422073ec7498d13aeeaebfb89b1a4eefd55dd010c6c23c1a7ec
-
SSDEEP
768:+SEnnnXXXXHXXX/fffbyuyuyuyonnny/vXH/zLHvEppicZXvZZHf+m:+SEnnnHXXX/fff3nnny///zLHv6JZ/D
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.Ransomware.resources
-
Size
101KB
-
MD5
c653b8b3f18eb2a2882c2f3905b2380a
-
SHA1
62235a88bc833fe7a41c9da2e5766306a026e144
-
SHA256
bcea581804fc0d0e1d66c76a47f9b7bd40b81578bff0241bb4155a0c67486a46
-
SHA512
a01927f5a4f3b1d838919074c42125d60d6e50af3e876bf614f0dd264627234973ba4b642f30040332c328587340be82f6057a5130baa0d79851fede67069a4c
-
SSDEEP
384:r0vwtokwOdwq6upS9LvgUuYkYezHbMTb7+JZf5NXJAdDzMwA6jp:Y9XuYkYez67+JZ58zf
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.Registry.resources
-
Size
169KB
-
MD5
d098b950169502933b9ef1f417f25172
-
SHA1
8f40b86fa8a986588788676ecdcad5bf55c586d7
-
SHA256
ce34680ff2984c6c4766889684a358358711d2cdf3171813ff768d7f1c9c53de
-
SHA512
4a38f88db6a585d6a47e6da36ac8aceb15825453e5ff4804b2943be9e4053fb85206e473115e72a86c4b0c2d13fa9a1ae18ed7d96b52edd050e7e918fed33317
-
SSDEEP
1536:6s67ETH1QatyHkrVOceYMa7ETH1QatyHkrVOceYMJ:6NYLe7HkrVOipYLe7HkrVOi8
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.RemoteDesktop.resources
-
Size
99KB
-
MD5
0f5fc0694c9d76a6fd5b7e4158fd03e3
-
SHA1
aa7eb852f5743e456e5737ca25e7b75ca7349b42
-
SHA256
1dc136b225528fe4ee8020f46aa549e4bbdd76493d0579b6c1837d10acc3ba13
-
SHA512
af3c1ff80a247ac8ee6440ff4410460603430f24557dce392b90961b77a2d978b6b75a9a606ca433ce16cc565d07c2b5fc41413c1229147194b24bbc1869c67a
-
SSDEEP
384:rkvwKwq6uD0hAAAgAAAgAAAgAAAliIGzl8nnnJP5JJJJRetmJJJJ5gCnnnsjBy:rDnzly
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.Resources.resources
-
Size
1.6MB
-
MD5
34986e38b463873af40f694874c1f6d3
-
SHA1
8fa89cdb7a394cf8093d548ca9db4652c703ee72
-
SHA256
557058bd29a5eb55ef073ea9c4dec0baea1fd3f3f4bf2cdd5ee3dfd33735e93a
-
SHA512
c1b0278e8c21e5c28204f692a5cf5ed16c8ada0c6022d7d38e70905255f3aeb5d2c0fd4549f0ed19ead52aa0ced891a8f9372123bf5e1710be004958750874e4
-
SSDEEP
49152:OsP2WTJcLsk9Pk6gAK6BN2NQUe+ErnuVqjNhHXH:zuWTGLP9Pk6gAK6n4ldyNh3
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.RunPE.resources
-
Size
103KB
-
MD5
147c16f102addfdd7b756b8ee1558b82
-
SHA1
e9aa9624bb96d369aa905d14e03db625d17d00f6
-
SHA256
823554153d20aabf65c8635b7727dd6f26f14f79da929de9af8131314ec2c347
-
SHA512
2df2784f5284e0808224a58fec6e12f02a5e09001c77991bf643b4304d99b633a3511551ef42e2e64f1ad6e5de0a44ff2c3b358413dd6ea6a9b08c0dfc592c38
-
SSDEEP
384:rkvwKwq6u29Ax59IWzT9DfLtFbm44XdZcGe5Eas1gMVuM:D9Ax5x9vtFbm44XdZNeG3
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.ServiceManager.resources
-
Size
221KB
-
MD5
776d31cf63f902ede47ccd1e09c463cd
-
SHA1
a45e4761bc40019d6e5b72ece5d731c520d91303
-
SHA256
fc7906c147eb0066e6cee2a528ab531b6d0ad1eb0b0a4d2a32a1be422809ecb9
-
SHA512
f8f099d291b0ecab01d84d0c4f4480c7ea266cc79f1071d71c71ca3113f6c8594d82f192feb3b136be0e007542da1cc6a7b28b860bb3ee2e0e7747b75222bf0e
-
SSDEEP
3072:VqR3kbym/bBGIgEJjHbD1yLHpkv+GhSx7BQFgfMyd9tbYLe7HkrVOih:lbJGcJj7D1cJkPhCprxbq9h
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
-
-
Target
RES/XWorm.Shell.resources
-
Size
130KB
-
MD5
a3fea8391774bbb0376e1f69eb6ee9d2
-
SHA1
96032202ca3dee1983d1990ae856112f8c832173
-
SHA256
7f71160fb4d68eda2e6af07f2b89416cd5668ffa5260dfbeb69391dfc5508586
-
SHA512
10a3c77631a0d1ee80198ffe430a0a389897201ef60a8f3e9beff5125545477d8ce6ea8fa5d186ef31dc4681b62048d71fcbb3106a88f22aaa08ee75de2c842c
-
SSDEEP
768:aoR1HiAxeglYAQ8BXIHDiJ9zUQI0xV3PrEiv/ewrmTIgdEM7XoSxSdL5NCc+Y:ayheg/Q8B59zUQISXnFmV+Ib81NJ+Y
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.Sound.resources
-
Size
189KB
-
MD5
d867ec78d12cbf85eca15722c1ffcca3
-
SHA1
90dc339c7ad81447758eadd2535298cfc2eb1bcf
-
SHA256
7d7ca0ead2e362c4b2b4e5e7799b0bd115eff66abe9f7bb184734444142bfd9a
-
SHA512
5bcbbccad3f71207e6c28784fa27e38d8c24c4d2edcdf3b55d5937974c63c9a8fe6ce311d6946ea13b669ade3c262f0c3bba82a330fbbb08a00bf066734ea638
-
SSDEEP
3072:njXXX////ePrLaPp5+SRqRN1SMLVivg1AGA8JlT6rZQnmmQo:RPp5jyNQMLAvkAl8JlmNV2
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.StartupManager.resources
-
Size
167KB
-
MD5
3e7ce35b2e085ba831d417d582b249b9
-
SHA1
63926a8d61ef3eb1e9408e9c531ce35adba66886
-
SHA256
73d138786a5f08114204491631867e44f5d1d60a683890509c7f69a78198c60e
-
SHA512
27a6de57b2c88a8d1119232ef123e728b4f1bf9aedaae8caa026bdce9541ef61c4c3d5a59fb4c7613febbae5f5e19ae754c51a4ae9176f2eca5dc03d938048ac
-
SSDEEP
1536:LasebR3b313F3F3goXjmtt32325JT8J8pjq9bTQPmbYakBxBW/7jpYaGS7ETH1Q0:L9eS5JyTaxw7jpY7SYLe7HkrVOih
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.TBotNotify.resources
-
Size
100KB
-
MD5
b219d1ee4ae25f781e5bc88165839987
-
SHA1
bcb30240b697493fd238c0d611081200a0abc3a0
-
SHA256
6ec33992edc80f131e4a9f7f89fe9c9dba233f7c3bda8ce6e06711021e8645fb
-
SHA512
e4d013c746ca857a135484d908fd2fca6257236b8b3cba8bc10209fdbb5f7cb3b595da15618f4713eb5cdeb7033772f72c22eb9ef5022c337d1dc3ebba67c746
-
SSDEEP
384:r0vwtokwswq6uTq4fffjfff+7f75ArrqWKwA+apJ:dfffjfff+7f78rqWnapJ
Score8/10-
Downloads MZ/PE file
-
-
-
Target
RES/XWorm.TXT.resources
-
Size
101KB
-
MD5
9cddc18b39b043d9542e5f0989faabf8
-
SHA1
afe5c5b7d6a978ac504ec272c1e8dcaaae1d5b34
-
SHA256
1ec2de5a4bb61ecb3a2e57da228d3c9f278853b21ead5553643bbaf6c6706b50
-
SHA512
b9da58a39c39cfa665e63af0ea206ccbdeaf7452f801b3d2d9bd89e643c3c729de172ff6f86b8389d94f2f0ae92153275f4cb1a30fc60fa93e5fdb717cfa4a8a
-
SSDEEP
384:r0vwtokwzwq6uCoAf+q7xVsFoSNDUSh+w6HvQdBeQanPw9h+w6HvQdBeQRzrh7ji:2iB7bsnWfffJFB
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1