General

  • Target

    проверка на читы.exe

  • Size

    77KB

  • Sample

    240529-sg6k6saa5t

  • MD5

    01bc479b1b988b0183c676fa6f2a6d69

  • SHA1

    e2837756d107c3514f4adcc25fa657e697f332eb

  • SHA256

    2a27bff36479de7fdf902b02266bbc4c92a1a2a627d2f9d5d1c7f6f53b385712

  • SHA512

    29bac859f7d4ea582d60b7c454684bf7999119666668b5d5721c5a717408d88ed3a19288ea2f4476b27fef0c8f6f6fafba0a4f9811445f5edf61e681a2aec05f

  • SSDEEP

    1536:kXofT0eL/qHndN0DZKp+bCIA0NYZ6u2IOEar5r8PzUt:ObuMwD8+bfOnOnr56M

Malware Config

Extracted

Family

xworm

C2

19.ip.gl.ply.gg:2242

did-notices.gl.at.ply.gg:2242

autocl:123

Attributes

  • Install_directory

    %AppData%

  • install_file

    rege000.exe

Targets

    • Target

      проверка на читы.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15