Extracted

• • Target

    hirrew.exe

  • Size

    77KB

  • MD5

    f8104d6800c12ee73a8991c881b73a15

  • SHA1

    87d9c597eb8b22835bc8e94ca89513b3ab9a2512

  • SHA256

    db1d01443d81fe4daffb7f22967b64b6f66bc5cb3a0476b99b9b5da749a8727e

  • SHA512

    5496d235ea82d53c17ceb5cd09ed1f4993e27f3f963317f48de5e1836facec22f1a8f89818788d38ec3f15523fd526d301ddb432228a8b7eb49f8a527b5af439

  • SSDEEP

    1536:+bqI97eJvslTBuTplpXkbgg8smj7pYOO9FzBSPR9+1YGqS:+bqU74vslTcpXkbg//uOO9FzBSPR93LS

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2