General

  • Target

    Standlaunchpad.exe

  • Size

    110KB

  • Sample

    240415-da81dsfd41

  • MD5

    745b7dbdbd6d44cbbd767e5b3335a87a

  • SHA1

    9f5d3d1c05d62ffc4cbfcf15bf6e845c41b33737

  • SHA256

    96ee8c5eaec36b7ae55733448f42062d2a3b2f4fe2edefc53d5c59d0c603b2ab

  • SHA512

    953dec16fa072c62fb6cb93c7f9dd0f99dfc14aec5674c616f38ae583c2d7925f4a0de0f1d27f1a0c8b261d416d51d4a86f7b55af39cec75f8ced255b4a1317c

  • SSDEEP

    1536:DkX0MuRJbXxIM2px6EAtcOETYbpY/2WDbhst1L7a8w63JOx81nyynfr:DkLKtx3Ex6YOBbpYOWDbhsLauOxoPr

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:18082

147.185.221.18:18082

tcp://8.tcp.us-cal-1.ngrok.io:18082

Attributes
  • Install_directory

    %Temp%

  • install_file

    Stand.exe

  • telegram

    https://api.telegram.org/bot6916721041:AAGsGXyaplDWQ9HJlE88Z36KtBFClSB3E20
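Not every entry in an extracted C2 list is a usable indicator: the first entry above is the loopback address, and the third is an ngrok TCP tunnel hostname that can be re-issued to anyone, so blocking it blindly produces stale or noisy rules. The following Python is an added example (not part of the sandbox report) that parses this report's config block, splits each C2 entry into host and port, classifies it as local, public IP, tunnel or domain, and pulls the numeric bot ID out of the Telegram API URL. The `TUNNEL_DOMAINS` list and the "actionable" rule are assumptions chosen for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed from the values shown in the report above.
EXTRACTED_CONFIG = {
    "family": "xworm",
    "c2": [
        "127.0.0.1:18082",
        "147.185.221.18:18082",
        "tcp://8.tcp.us-cal-1.ngrok.io:18082",
    ],
    "install_directory": "%Temp%",
    "install_file": "Stand.exe",
    "telegram": "https://api.telegram.org/bot6916721041:AAGsGXyaplDWQ9HJlE88Z36KtBFClSB3E20",
}

# Assumption: hostnames under these suffixes are ephemeral tunnel endpoints,
# worth logging but not worth a long-lived block rule.
TUNNEL_DOMAINS = ("ngrok.io", "ngrok-free.app", "ngrok.app")


def parse_c2(entry):
    """Return (host, port, scheme) for a raw XWorm C2 string.

    Entries may be bare host:port or carry a tcp:// scheme, so a scheme is
    prepended when missing and urlparse does the splitting (handles IPv6 too).
    """
    if "://" not in entry:
        entry = "tcp://" + entry
    u = urlparse(entry)
    if u.hostname is None or u.port is None:
        raise ValueError(f"unparseable C2 entry: {entry!r}")
    return u.hostname, u.port, u.scheme


def classify_c2(host):
    """Classify a C2 host as local, public-ip, tunnel or domain."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if host.endswith(TUNNEL_DOMAINS):
            return "tunnel"
        return "domain"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "local"
    return "public-ip"


def triage_c2(entries):
    """Return one record per C2 entry; only public IPs and real domains are
    marked actionable for blocking."""
    records = []
    for entry in entries:
        host, port, _ = parse_c2(entry)
        kind = classify_c2(host)
        records.append({
            "host": host,
            "port": port,
            "kind": kind,
            "actionable": kind in ("public-ip", "domain"),
        })
    return records


TELEGRAM_RE = re.compile(r"^https://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]+)$")


def telegram_bot_id(url):
    """Extract the numeric bot ID from a Telegram Bot API base URL, or None."""
    m = TELEGRAM_RE.match(url)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    for rec in triage_c2(EXTRACTED_CONFIG["c2"]):
        print(rec)
    print("telegram bot id:", telegram_bot_id(EXTRACTED_CONFIG["telegram"]))
```

Note that all three entries share port 18082, so a network detection keyed on the port plus the XWorm handshake is more durable than one keyed on the tunnel hostname.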

Targets

    • Target

      Standlaunchpad.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
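The persistence signatures above combine into one concrete host artifact: an executable named Stand.exe dropped under %Temp% and referenced from a Run key. The following Python is an added example (not part of the sandbox report) that runs that check over constructed Run-key values: it extracts the image path from each value (quoted or unquoted, with or without arguments), flags any image living under the user's Temp directory, and marks a filename match against the extracted install_file as a direct hit. The sample values and the expanded Temp path are constructed; a real scan would read them from the host.

```python
import ntpath
import re

# Constructed sample of values as read from
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run on a hypothetical host.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Stand": r"C:\Users\alice\AppData\Local\Temp\Stand.exe",
    "Updater": r'"C:\Program Files\Vendor\updater.exe" --quiet',
}

# Assumption: expansion of %Temp% for the sample user. A real scan reads it
# from the user's environment block rather than hard-coding it.
USER_TEMP = r"C:\Users\alice\AppData\Local\Temp"


def extract_image_path(value):
    """Pull the executable path out of a Run value.

    Values may be quoted ("C:\\path with spaces\\x.exe" args) or unquoted
    (C:\\path\\x.exe args); for unquoted values the path is taken up to the
    first .exe followed by whitespace or end of string.
    """
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = re.match(r"(.*?\.exe)(\s|$)", value, re.IGNORECASE)
    return m.group(1) if m else value.split(" ", 1)[0]


def is_under(path, directory):
    """Case-insensitive check that path sits inside directory (Windows semantics)."""
    p = ntpath.normcase(ntpath.normpath(path))
    d = ntpath.normcase(ntpath.normpath(directory)) + "\\"
    return p.startswith(d)


def flag_run_values(run_values, temp_dir, install_file="Stand.exe"):
    """Return Run entries whose image lives under %Temp%.

    Entries whose filename equals the extracted install_file are tagged
    'xworm-install-file'; any other Temp-resident image is 'temp-exec',
    which is suspicious on its own since legitimate software rarely
    persists from a temp directory.
    """
    hits = []
    for name, value in run_values.items():
        image = extract_image_path(value)
        if not is_under(image, temp_dir):
            continue
        reason = "temp-exec"
        if ntpath.basename(image).lower() == install_file.lower():
            reason = "xworm-install-file"
        hits.append({"value_name": name, "image": image, "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in flag_run_values(SAMPLE_RUN_VALUES, USER_TEMP):
        print(hit)
```

Pairing this registry check with the file hash from the report (SHA256 96ee8c5e...) confirms a hit; the path-based rule alone is still useful because the dropped copy may differ from the original launcher.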
