Extracted

• • Target

    XClient.exe

  • Size

    59KB

  • MD5

    d172c0a4ae3e8cef6a0a910bde62e195

  • SHA1

    51139fc633fe81a66c8ed55081f92ec5256bd0bd

  • SHA256

    94b65da2b5cc3728547f892a46e9c48c5d54477d10ea8e210304593acd3568e7

  • SHA512

    d82c930a42fd623aeee51007453d201e96110b546f1fb34080fc6d4c1488d71b3828f5f1833d347993444e4d332aa00fbb7b8922fce676d220375470ad0fa467

  • SSDEEP

    1536:9vv68xQQodoW8YTK6uDkbrfSVxwXSOqQ+k:1vjWQoGJYTK6CkbrfHSOqQ+k

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2behavioral3behavioral4