Overview
overview
10Static
static
3Vanta Bundle.rar
windows10-2004-x64
Vanta Bundle.rar
windows7-x64
Vanta Bundle.rar
windows10-2004-x64
Vanta Bundle.rar
windows10-ltsc_2021-x64
Vanta Bundle.rar
windows11-21h2-x64
Vanta Bundle.rar
android-9-x86
Vanta Bundle.rar
android-13-x64
Vanta Bundle.rar
macos-10.15-amd64
Vanta Bundle.rar
ubuntu-18.04-amd64
Vanta Bundle.rar
debian-9-armhf
Vanta Bundle.rar
debian-9-mips
Vanta Bundle.rar
debian-9-mipsel
Vanta Bund...Me.txt
windows10-ltsc_2021-x64
Vanta Bund...Me.txt
windows7-x64
Vanta Bund...Me.txt
windows10-2004-x64
Vanta Bund...Me.txt
windows10-ltsc_2021-x64
Vanta Bund...Me.txt
windows11-21h2-x64
Vanta Bund...Me.txt
android-13-x64
Vanta Bund...Me.txt
android-13-x64
Vanta Bund...Me.txt
macos-10.15-amd64
Vanta Bund...Me.txt
ubuntu-18.04-amd64
Vanta Bund...Me.txt
debian-9-armhf
Vanta Bund...Me.txt
debian-9-mips
Vanta Bund...Me.txt
debian-9-mipsel
Vanta Bund...er.exe
windows7-x64
10Vanta Bund...er.exe
windows7-x64
10Vanta Bund...er.exe
windows10-2004-x64
10Vanta Bund...er.exe
windows10-ltsc_2021-x64
10Vanta Bund...er.exe
windows11-21h2-x64
10Vanta Bund...er.exe
android-10-x64
Vanta Bund...er.exe
android-13-x64
Vanta Bund...er.exe
macos-10.15-amd64
General
-
Target
Vanta Bundle.rar
-
Size
100KB
-
Sample
250328-h5ykcss1bx
-
MD5
b622d4beb1f53e776cbe210b5c0bd3af
-
SHA1
c7a09721ad876715a9c419db5da263fe3dc1d905
-
SHA256
ae790bbbadeb38db0e345970612a859e0b9888c976d798105a48a81ced48ff40
-
SHA512
460ee20a7e044e7351bcb6534823ea28f30de20e71192571ef351b72e559719efd2ffc70f176fe39cc8c03c4c9e52f5ee26aa3897f76cca403a0eb0b6d45cd86
-
SSDEEP
1536:e19R7X+Z3yNPvbCrWNHdUUYtboOeJSpL0VblnPwVa/YgL1m2msA+N40rEVc:eByZcDCWY1NoOlpgVdwMnL1ZmN+N4wEe
Static task
static1
Behavioral task
behavioral1
Sample
Vanta Bundle.rar
Resource
win10v2004-20250314-en
Behavioral task
behavioral2
Sample
Vanta Bundle.rar
Resource
win7-20241023-en
Behavioral task
behavioral3
Sample
Vanta Bundle.rar
Resource
win10v2004-20250314-en
Behavioral task
behavioral4
Sample
Vanta Bundle.rar
Resource
win10ltsc2021-20250314-en
Behavioral task
behavioral5
Sample
Vanta Bundle.rar
Resource
win11-20250313-en
Behavioral task
behavioral6
Sample
Vanta Bundle.rar
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral7
Sample
Vanta Bundle.rar
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral8
Sample
Vanta Bundle.rar
Resource
macos-20241101-en
Behavioral task
behavioral9
Sample
Vanta Bundle.rar
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral10
Sample
Vanta Bundle.rar
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral11
Sample
Vanta Bundle.rar
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral12
Sample
Vanta Bundle.rar
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral13
Sample
Vanta Bundle/Read-Me.txt
Resource
win10ltsc2021-20250314-en
Behavioral task
behavioral14
Sample
Vanta Bundle/Read-Me.txt
Resource
win7-20240903-en
Behavioral task
behavioral15
Sample
Vanta Bundle/Read-Me.txt
Resource
win10v2004-20250314-en
Behavioral task
behavioral16
Sample
Vanta Bundle/Read-Me.txt
Resource
win10ltsc2021-20250314-en
Behavioral task
behavioral17
Sample
Vanta Bundle/Read-Me.txt
Resource
win11-20250314-en
Behavioral task
behavioral18
Sample
Vanta Bundle/Read-Me.txt
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral19
Sample
Vanta Bundle/Read-Me.txt
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral20
Sample
Vanta Bundle/Read-Me.txt
Resource
macos-20241106-en
Behavioral task
behavioral21
Sample
Vanta Bundle/Read-Me.txt
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral22
Sample
Vanta Bundle/Read-Me.txt
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral23
Sample
Vanta Bundle/Read-Me.txt
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral24
Sample
Vanta Bundle/Read-Me.txt
Resource
debian9-mipsel-20240729-en
Behavioral task
behavioral25
Sample
Vanta Bundle/Vanta Loader.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
Vanta Bundle/Vanta Loader.exe
Resource
win7-20241023-en
Behavioral task
behavioral27
Sample
Vanta Bundle/Vanta Loader.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral28
Sample
Vanta Bundle/Vanta Loader.exe
Resource
win10ltsc2021-20250314-en
Behavioral task
behavioral29
Sample
Vanta Bundle/Vanta Loader.exe
Resource
win11-20250313-en
Behavioral task
behavioral30
Sample
Vanta Bundle/Vanta Loader.exe
Resource
android-x64-20240910-en
Behavioral task
behavioral31
Sample
Vanta Bundle/Vanta Loader.exe
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral32
Sample
Vanta Bundle/Vanta Loader.exe
Resource
macos-20241101-en
Malware Config
Extracted
xworm
documents-johnny.gl.at.ply.gg:63203:63203
documents-johnny.gl.at.ply.gg:63203
-
Install_directory
%AppData%
-
install_file
XClient.exe
Targets
-
-
Target
Vanta Bundle.rar
-
Size
100KB
-
MD5
b622d4beb1f53e776cbe210b5c0bd3af
-
SHA1
c7a09721ad876715a9c419db5da263fe3dc1d905
-
SHA256
ae790bbbadeb38db0e345970612a859e0b9888c976d798105a48a81ced48ff40
-
SHA512
460ee20a7e044e7351bcb6534823ea28f30de20e71192571ef351b72e559719efd2ffc70f176fe39cc8c03c4c9e52f5ee26aa3897f76cca403a0eb0b6d45cd86
-
SSDEEP
1536:e19R7X+Z3yNPvbCrWNHdUUYtboOeJSpL0VblnPwVa/YgL1m2msA+N40rEVc:eByZcDCWY1NoOlpgVdwMnL1ZmN+N4wEe
Score1/10 -
-
-
Target
Vanta Bundle/Read-Me.txt
-
Size
1KB
-
MD5
86522812df51d3017058561672a30150
-
SHA1
bd9a42ebd79d8907888903374a8282e3d5b92e68
-
SHA256
cd23cd2d86159dbcf00c74a66d408412cde93d58d7c28f40d3665a7fcf917f80
-
SHA512
feb9673af43bc8b295d08aa3e6b33069ec1f3ad828cdf2acd38cfb871b515b7af01846b8d7004056f105a7bafa4b1b264eeb7d22e345df405bbe94f52022bf2c
Score1/10 -
-
-
Target
Vanta Bundle/Vanta Loader.exe
-
Size
103KB
-
MD5
7c55349ebd2e7a02bb00f3da322fe324
-
SHA1
b311a9f3bd9384b1f0670829f8542efe6ee36669
-
SHA256
9f3f1e2fb2144b98704d12094feec42ee6f17a12d934717cc2641bd22d711faa
-
SHA512
80569369c223bef0617ddd72136a998eb05f3ff4185f093b714efa73f97452160e18b97112a5471469159caab6189a023aa5f51e0cb29a4b3a3eb5613d746e47
-
SSDEEP
3072:+J5RlYgEN4yo/UnboOAFxb+9E/mvi/SREt:ql5WE9mv+A
-
Detect Xworm Payload
-
Xworm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-