xworm | Xworm-V5[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Xworm-V5.zip
Size

11.7MB
MD5

f07acfa3b107da68bad69c812f46c750
SHA1

8a0190c5275363e7595f20b4e5870ff4938f36c6
SHA256

f31b54cce625a6a33deb903119c3cf215f71f4b637d6a2526106f5454db488ec
SHA512

0bf7028c3a40b402112b349bdcba26d24b641b210f735468b7b44754d589a9e4b5635c357746f109647479f623c1686f06b23b2da7a624db7eb76e5c6e4c5804
SSDEEP

196608:K9GeDVI5DKBWZlkgJedYs6LtYdEhqTgKDiTJeszyxSL1kehn4iXJ3i:KkYVI5DK2NNs6LtYdEhSp0QcXRka4ic

Score

10^/10

agilenet xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource yara_rule

static1/unpack001/Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Resources.resources family_xworm
Xworm family
xworm
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

sample agile_net
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Xworm-V5/Xworm-V5.6/Xworm-V5.6/SimpleObfuscator.dll
unpack001/Xworm-V5/Xworm-V5.6/Xworm-V5.6/Xworm V5.6.exe

resource	yara_rule
static1/unpack001/Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Resources.resources	family_xworm

resource	yara_rule
sample	agile_net

resource
unpack001/Xworm-V5/Xworm-V5.6/Xworm-V5.6/SimpleObfuscator.dll
unpack001/Xworm-V5/Xworm-V5.6/Xworm-V5.6/Xworm V5.6.exe

Files

Xworm-V5.zip
.zip
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.MBox.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.MIC.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Maps.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Performance.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Port.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.ProcessV.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Programs.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Proxy.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Ransomware.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Registry.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.RemoteDesktop.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Resources.resources
.vbs
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.RunPE.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.ServiceManager.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Shell.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.Sound.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.StartupManager.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.TBotNotify.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.TXT.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.TcpConnectionForm.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.ToolsBox.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.VBCode.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.VoiceChat.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.WebCam.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/RES/XWorm.ngrok.resources
Xworm-V5/Xworm-V5.6/Xworm-V5.6/SimpleObfuscator.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xworm-V5/Xworm-V5.6/Xworm-V5.6/Sounds/Chat.wav
Xworm-V5/Xworm-V5.6/Xworm-V5.6/Sounds/Intro.wav
Xworm-V5/Xworm-V5.6/Xworm-V5.6/XWorm V5.6.exe.config
.xml
Xworm-V5/Xworm-V5.6/Xworm-V5.6/Xworm V5.6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 1024B - Virtual size: 948B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 1024B - Virtual size: 948B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 5.2MB - Virtual size: 5.2MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B