General

  • Target

    X4346Client.exe

  • Size

    324KB

  • Sample

    240408-t5e9kaea36

  • MD5

    69a723ed4cebb6e779ab62ab7bab37d3

  • SHA1

    9e8f497fcf03dbd293c518557f6f503015c62276

  • SHA256

    ff7efaae950c46e62c7c47a36c2678d1411acf80b92dec3be5c5fe53c6f74874

  • SHA512

    084b89f8318a85642917982d661530ac7c67d45ed48725e52040d7ce204025f1099688985fb34e65844d4deda0db6e62b01f46cfe486f9587a231559e14210b8

  • SSDEEP

    6144:Sjyrvh/bjV/5iZcBCqYg9HF0VRlQCvcL8qz00AGiULo+vRZ7qm+DJrOHMy:SjyxVB0g9l0VRlQD7zqGi0RZ1+DwHM

Score
10/10

Malware Config

Extracted

Family

xworm

C2

primary-sections.gl.at.ply.gg:22675

Attributes
  • Install_directory

    %Temp%

  • install_file

    dllhostPDF.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
