MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96abd6a3639256ee1af74f2a6d7cacde5a0820e5003f37995df5459d6c11cd7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



XWorm


Vendor detections: 5



SHA256 hash: 96abd6a3639256ee1af74f2a6d7cacde5a0820e5003f37995df5459d6c11cd7c
SHA3-384 hash: 3dab1a8cc7e8cad7167c183643e1bf5931d2d3d7098dd94473830c5fb8733c53640e402c7c1bc9602ea9896db460b609
SHA1 hash: 80bd281f61f7078100de1b60a018b239b1d8764f
MD5 hash: c85849aeaf9774af6fc6a5877b52a3bf
humanhash: alabama-venus-apart-romeo
File name: 5a727248fe722916946596cd5dbad79c52753b9eb964e90593ff5f75940a481a.zip
Signature: XWorm
File size: 479'183 bytes
First seen: 2023-08-24 08:12:01 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: infected
ssdeep: 12288:/JGBsjzVBtn6DhBSju6MLh/gk+Jwr0Zr7grMPitOA:/JGBsvt6tBYV6hYwrg/gr5d
TLSH: T128A4235B1E03A3A0744BBFE64637B944E6CFB63F59B5C8063587186D8D6B304232F9A1
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: Anonymous
Tags: golang xworm zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 124
Origin country: AU
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: 5a727248fe722916946596cd5dbad79c52753b9eb964e90593ff5f75940a481a
File size: 2'004'875 bytes
SHA256 hash: 5a727248fe722916946596cd5dbad79c52753b9eb964e90593ff5f75940a481a
MD5 hash: b94099c18a56c2984918dbdac0ce94ec
MIME type: application/zip
Signature: XWorm
Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: ZIP File - Malicious
Behaviour:
SuspiciousEmbeddedObjects detected
Result
Malware family:
Score: 10/10
Tags: family:xworm rat trojan
Behaviour:
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
Loads dropped DLL
Xworm
Malware Config
C2 Extraction: 45.61.130.7:1010
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments