MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e0008dddec3136ea48bf0b54b1f4908b9720e9c1651955d7d896ba09f8a1893. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

XWorm

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	2e0008dddec3136ea48bf0b54b1f4908b9720e9c1651955d7d896ba09f8a1893
SHA3-384 hash:	2317efca0f7875aa19c89feacba309e499484d9df5f9ae99a1624ae03fa6047cfc31ccc75235923bfcb11359d5345e67
SHA1 hash:	254f3da7684c156720b161e00bf55eb6ae3e19d2
MD5 hash:	9dfdc3ea69ab6a4da0e0f292dc7d5f48
humanhash:	nine-magazine-summer-october
File name:	asas.exe
Download:	download sample
Signature	XWorm Create hunting rule
File size:	454'656 bytes
First seen:	2023-06-12 09:59:54 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	341ef3eec107cf8949a849080b1bfce0 (9 x XWorm, 1 x Meterpreter, 1 x RedLineStealer)
ssdeep	3072:9Jvg7HfUQjfrnNsRgARpWOCHjkgRB+lyVaOmS41b+fc9bHcchyP/WQ+mNLylj:sjfbRiDVWjkLoafb8chqQma
Threatray	892 similar samples on MalwareBazaar
TLSH	T1D7A4B25A0AE93C10DC9FC52DA76F7DAC4392034A5A0274A906FF4C586B396CF21E5DCB
TrID	44.4% (.EXE) Win64 Executable (generic) (10523/12/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	r3dbU7z
Tags:	exe xworm

Intelligence

File Origin

# of uploads :

# of downloads :

308

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

asas.exe

Verdict:

No threats detected

Analysis date:

2023-06-12 10:02:33 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/923746d7-135f-4d50-a597-f98c29e022ec

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/397899/

Detection(s):

Sanesecurity.Malware.28906.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/90338/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6486eca69f45f940f55382bf/reports/14aedccc-09a0-4574-bc06-03c2213c8b53/overview

Verdict:

Malicious

Labled as:

Tedy.Generic

Link:

https://www.hybrid-analysis.com/sample/2e0008dddec3136ea48bf0b54b1f4908b9720e9c1651955d7d896ba09f8a1893

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/709fe83a-4c21-43b6-86dc-523bc8ded509

Result

Threat name:

XWorm

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1252869

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Maps a DLL or memory area into another process

May check the online IP address of the machine

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Generic Downloader

Yara detected XWorm

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2e0008dddec3136ea48bf0b54b1f4908b9720e9c1651955d7d896ba09f8a1893/

Threat name:

Win64.Trojan.Tedy

Status:

Malicious

First seen:

2023-06-12 10:00:08 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

18 of 23 (78.26%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fyaarxo6ymjw5jel6c2uwh2jbc4xedu4czizkxl5rfv2bh4kdcjq._file

Verdict:

malicious

XWorm

20f5555ef17b832d87ad56c5363868b805c4e432e8f68bfbe4cefd69e6f7dc85

XWorm

2b786b8895d814c5d825f4eac99b009eb6aa16f66f6e5191b023e4ebc99fda66

XWorm

53f99ccc4b2f86fbd235ebb718b1425017f23c01bc1a2b5ba39da3d4d21ab2b8

XWorm

54b822f44c243fc20adba10fb7b6b0e186cffa534df47c3d3daa47074a28dd65

XWorm

9a81ab49c6050ff00b7833246fd4727aa43b1d8b3c095549846157784103ea24

XWorm

df5958a9823d8990969a3a03a628e3e50eea124f457c38367a28202d3f431407

XWorm

+ 882 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://tria.ge/reports/230612-l1m5lsbc72/

Behaviour

Suspicious use of AdjustPrivilegeToken

Looks up external IP address via web service

Unpacked files

SH256 hash:

2e0008dddec3136ea48bf0b54b1f4908b9720e9c1651955d7d896ba09f8a1893

MD5 hash:

9dfdc3ea69ab6a4da0e0f292dc7d5f48

SHA1 hash:

254f3da7684c156720b161e00bf55eb6ae3e19d2

Link:

https://www.unpac.me/results/e6c38397-735b-44e0-8118-928442d4daeb/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/2e0008dddec3/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2e0008dddec3136ea48bf0b54b1f4908b9720e9c1651955d7d896ba09f8a1893

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

XWorm

exe 2e0008dddec3136ea48bf0b54b1f4908b9720e9c1651955d7d896ba09f8a1893

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/397899/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample