Extracted

• • Target

    e01f8eba926374edca52502c8fb760cc1ac5fb70bd94c57123b05060fef13577

  • Size

    1.1MB

  • MD5

    5394d35793386641283a5bb8eae359c2

  • SHA1

    78a477bc165707e1f3d6b2ce2b70aa73ffbafa23

  • SHA256

    e01f8eba926374edca52502c8fb760cc1ac5fb70bd94c57123b05060fef13577

  • SHA512

    28dda180125dd48cfac34d37e5601a5fe47ac38f2d677fd15388602fb0526f402dbf5052327b9f2700d9ecf18e95003519accfd471abae6d780edf8188bb7764

  • SSDEEP

    24576:dkNGq8rz/q6tsP05X+ef1XeMiQA+NLVtk2Otk:YGpz5X+e9TNE2O+

  Score

  10^/10

  xwormevasionexecutionrattrojan

  • Detect Xworm Payload

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2