Extracted

• • Target

    Deanonn by nazar 2024!!! +key.exe

  • Size

    67KB

  • MD5

    eafc6737830999d00a40a86049561243

  • SHA1

    a93b09e934e340f533c2d6b4ddc7b6cb85773e5b

  • SHA256

    ac86f775c65dffbaa91ad0dd4777d10feffef7f0088e73300940953f26a479d7

  • SHA512

    88137c28e1f618fc4fbbd2dc386c83b965cfab5c215d9277eb67afa14fd5c9d61f914c033dc24698c13fae435419f3843313086e35737ee38769a54f31613183

  • SSDEEP

    1536:7flEdkZzr89H2WwvAU6fFBxlTbeUgDf/c6gKO894Vj7cEgP:7f3w6297xbeVDf/bO8CVjvO

  Score

  10^/10

  xwormexecutionpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2