Extracted

• • Target

    260e5d45c87a65a323a83299f4e506c1.bin

  • Size

    86KB

  • MD5

    260e5d45c87a65a323a83299f4e506c1

  • SHA1

    1e097fababd5f0b148063c0f782ed24fb9ce2eab

  • SHA256

    8f94583eec5aca659887cce2919cb9df83d30902b7dfd0739652b5b34a9a9834

  • SHA512

    b2c47682b9c226b156a25be0682be0bdd6fbe300f7551886e5eb4b250534fb7635f6b6255174305ba3e74be502c1a6a867c0b4d8597ad648fab2d42536795dba

  • SSDEEP

    1536:XMu6hjMcUsFZ59lJbtEq0d+bKR3F1rhCG60TPDhqNZyMOJKTfdV2jPbf:XMTN9ZB5E+by1rqNYMOJKRV+f

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2