Extracted

• • Target

    740253f7075ea5e09021a78ff868d9c90931210aa12e2da91b60f1ea7380f759(1)

  • Size

    315KB

  • MD5

    754a0ca3356a8f76909cd9c5c41234d5

  • SHA1

    c3d9d52316b071f0db5ca9cd6999bfc06141795b

  • SHA256

    740253f7075ea5e09021a78ff868d9c90931210aa12e2da91b60f1ea7380f759

  • SHA512

    d1fdc37b367dd2dba4cb75021299c12c22064b40d48ba6250568727b565e73c7bbe03691bb0b288dc0b588679d6d9408bf7ff7bb60a69b26e41cf69c4c78fbe5

  • SSDEEP

    6144:K3B4ZXBhCirEL5BH46Zk16P9R8G1jqJ6TVKSK:K3BghvrELPH46ZAKjoQES

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2