MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79896ab9ec1fad79d24bf3d9cea0565d06f2b0f8119af8d1d7da98f167cd399a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


XWorm


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 79896ab9ec1fad79d24bf3d9cea0565d06f2b0f8119af8d1d7da98f167cd399a
SHA3-384 hash: b45549837745b9b71e82c261e1d8383eaca9ab5755fb9b62f0d04b7081fd34d89380bdb69bf54de09d25bd38eb83d3b9
SHA1 hash: e524f4dbe5dc88a30fac0b4b10f620492e56c8bb
MD5 hash: 4b361e8c05f68aff9c1a5371ea9c52ab
humanhash: alpha-summer-california-july
File name:screenshots.img
Download: download sample
Signature XWorm
Create hunting rule
File size:1'245'184 bytes
First seen:2024-02-08 15:53:45 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 96:5dLQzhTUkktZ0K7iuXLE2kR1sosoBTf8f:PLsk00E2kRaBOU
TLSH T1C445258277F41606F6B36B3549B461254ABEBC266A79C64D369C020E0FF3B41CD70BA7
TrID 47.8% (.ISO/UDF) UDF disc image (2114500/1/6)
46.3% (.NULL) null bytes (2048000/1)
5.7% (.HTP) HomeLab/BraiLab Tape image (256000/1)
0.0% (.ISO) ISO 9660 CD image (2545/36/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Reporter malwarology
Tags:img xworm

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
US US
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:SCREENSH.VBS
File size:2'848 bytes
SHA256 hash: 5d396ac219738c90a4d80fd423f91470994f2c13a49f7d20f0720e62a5734a0c
MD5 hash: eefbf3700312a44c673c7724667f3566
MIME type:text/plain
Signature XWorm
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.PUA.UDF.VBS-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/65c4f91c04c91578fab06578/reports/1987363b-5e5d-4286-99e8-02f9066acf02/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/79896ab9ec1fad79d24bf3d9cea0565d06f2b0f8119af8d1d7da98f167cd399a
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/79896ab9ec1fad79d24bf3d9cea0565d06f2b0f8119af8d1d7da98f167cd399a/
Threat name:
Script-WScript.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2024-02-07 16:01:41 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
8 of 24 (33.33%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pgewvopmd6wxtusl6pm45icwludpfmhycgnpruox3kmpcz6nhgna._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/79896ab9ec1fad79d24bf3d9cea0565d06f2b0f8119af8d1d7da98f167cd399a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

XWorm

zip 170a64863ea4d4e5ffb1bfde801c315c1b12b3c34f4cb43872f63dbdb6da8285

XWorm

img 79896ab9ec1fad79d24bf3d9cea0565d06f2b0f8119af8d1d7da98f167cd399a

(this sample)

XWorm

Visual Basic Script (vbs) vbs 5d396ac219738c90a4d80fd423f91470994f2c13a49f7d20f0720e62a5734a0c

anyrun
any.run
https://app.any.run/tasks/d75d32b7-884b-4f30-a31d-29b46d54a7b8
  
Dropping
SHA256 5d396ac219738c90a4d80fd423f91470994f2c13a49f7d20f0720e62a5734a0c
  
Dropped by
SHA256 170a64863ea4d4e5ffb1bfde801c315c1b12b3c34f4cb43872f63dbdb6da8285
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
MD5 fcc68fe01caefe172e2348a77c462a30

Comments


Avatar
Kasibe commented on 2024-02-08 16:27:13 UTC

H-worm