General
-
Target
Venom RAT + HVNC + Stealer + Grabber.exe
-
Size
14.1MB
-
Sample
250702-x5ke3azycv
-
MD5
b77382293386221aad5e4b668dd7fab9
-
SHA1
a073fae22d21cd8998f2f885adc716b216c7a5a2
-
SHA256
2c19ea543b98f4a8f690ce005a9e5e978d78f4234e9dc5e9d345b942ab1ca675
-
SHA512
0812a12dd6449565a5311829bb12c15dca3f0060f89c4eafdbb11af73d6d6ee0367d783a2b3635537da5197960a4183d44941ebb7cfb273c13fac760cebc7904
-
SSDEEP
1536:zgUfn+DhaKa72NY+Em5NFV96QH6TOzmoTS33yPR:z1f+c9kYzoFV96bOz5e33yPR
Static task
static1
Malware Config
Extracted
xworm
5.0
testarosa.duckdns.org:7116
Psgg9heSuYkiXVnu
-
Install_directory
%ProgramData%
-
install_file
WindowsDefender.exe
Targets
-
-
Target
Venom RAT + HVNC + Stealer + Grabber.exe
-
Size
14.1MB
-
Detect Xworm Payload
-
Xworm family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-