Extracted

• • Target

    Siege Anti-Recoil.exe

  • Size

    382KB

  • MD5

    8927b4c1ff38af9da8ba5eb8fd83137b

  • SHA1

    c2af615ba8ec9a25f69f2ebb46aa2e7ac7bd0ca1

  • SHA256

    ea55d13d71e1a071cf78a9c29b402b1d743f693a41bd1038b0f37b6d84c9cfb2

  • SHA512

    3a20fe9e74618310a2da5ab81b2d4de77f31fa3716d608b7c40190da8f70664ef9094b62909aaea7ea47ad47566aeec18979afa592c56ace88497f34ca41705d

  • SSDEEP

    1536:B97Xq5MP31toJnmId6+mg7PbuhB2M4Ojzlro:BAg3MZd6+mCbYmOjG

  Score

  10^/10

  xwormpersistencerattrojanransomware

  • Contains code to disable Windows Defender

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2