General

  • Target: Raven Tools.rar
  • Size: 71KB
  • Sample: 230702-t2rhesca65
  • MD5: 915a2f4033bc591e17e189c114250319
  • SHA1: c23019cb04a5511b4a115ad505f2322913937f0b
  • SHA256: efb842c17bea010e0b056d48d076e66c3ef742f4c7c546d12d36dc80b88bf149
  • SHA512: 206a067c890bfe1aae1f9cb6c1f341031edb5b9441c5630f75ffef40645a3289780c7f75821f6a25c3d6f0af91febae29090cafe36bc99ffa50e14b45e7d65e5
  • SSDEEP: 1536:iCnHag5SdayRxuI0aVTmIylGL1B6Q+YDaDQNoYlJwK0Z8:iCXsv3u0KKBOJ0u8

Score
10/10

Malware Config

Extracted

  • Family: xworm
  • C2: 127.0.0.1:7000

Attributes
  • install_file: USB.exe

Targets

    • Target: Raven Tools/Raven Tools.exe
    • Size: 105KB
    • MD5: 2823fd1cfb783a1905eac437b0bb0bd0
    • SHA1: 81aa39cbb201c5ef8febaf9943501575a170abfe
    • SHA256: b2b3089fbc8c17871abb47f248b487459f73c1944278da81bd64ca89fc5c24e1
    • SHA512: 88c2b2a6e9edf76922b45e645cb9486debf698df4034c17e8891fac2754d486f7c479b702d8a4e0947c55ba71ffd9406f4fb0edb5f1cf455ea2fa287b01f032f
    • SSDEEP: 1536:chIzRsPbIk/RV/ovahCX4Aps8bljMJIf6ShOIEpOZetiRpc5+i+qVQY:cSk/k9oAnbljMC6tpOZe0pinr2Y

    Score
    10/10
    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks