Extracted

• • Target

    dialer.exe

  • Size

    47KB

  • MD5

    2530728c6d8aeca0eb4bec64aa90b7cb

  • SHA1

    c580e1636ba8db813c60c4e0a8b5489bc384656b

  • SHA256

    50a144b147bc8f85337ee152b0868b629f3ee81f744107a83a912198837572a6

  • SHA512

    cd1d46bc0ef6c9e2adea88e7ce0cac26ce06fedc646400e02ac80be2a4aa013c601a49b1f8cfe96d6c166818af1d17353bb0fbcd3ced14f9ef1df3dbb724148f

  • SSDEEP

    768:K1OJkJKa3MiJBDBboCTjJXHRrHiQPLx9Q6iPmhLOG1gXd:5kUojUWxLjx9QQ1OPXd

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2