Extracted

• • Target

    chervyaaak.exe

  • Size

    1.3MB

  • MD5

    4ece56f7bf1036d1333b4ffc03e3d4d5

  • SHA1

    93999acd5ac4629986cc60a61ed5132204212b4f

  • SHA256

    4caeabf74ac33592cc6da24542824b9ff7e02a7d74fb0599f03b42f6b07c233e

  • SHA512

    655d6284941d2b8b3407593b41d13e4e5ec0e1e3abde5f2b66be33ac84006216e606a0b29930cd80e28f7bc60cc568732ac5c54291de861d5746b2af2bbad2c6

  • SSDEEP

    24576:a9Q4hCdYgL+MDg5tDr1/v1YLyIa/PeIq:apDgxUt9iLyNe

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1