Extracted

• • Target

    nigger.exe

  • Size

    58KB

  • MD5

    abb96dc265c42a9e9357b69cd911ffce

  • SHA1

    96a3619977f5b58a1cede6b960adca942e82d4e6

  • SHA256

    53fa4aaf3bd78521f9d402d0c793078353e6ff8f9d0ff7efcd8c686c79c69560

  • SHA512

    c56af566bb3ddf2731daa2a74936f0500b32ee36bd8184ee7c17924c9ed730b64bd4552a91fc55b870754e49196a30e6d414ba77bee960b18d4c9136e51087fb

  • SSDEEP

    1536:Bvf7dvzwTr1JVEUrq1xLAhhaL5b7JkbutjkfZNJN99Opv8gJaed:Bvf8CUrqMhILjkbu4Nn99OpEgTd

  Score

  10^/10

  xwormpersistencerattrojan

  • Contains code to disable Windows Defender

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2