Extracted

Extracted

• • Target

    PanelExecutorV11.exe_bound.exe

  • Size

    196KB

  • MD5

    383c7f9f75adf2764857393fbf1f21e3

  • SHA1

    cf6f36d1fe32d2e584c64cc191324385d6944766

  • SHA256

    ee75d0a55a2e0c16ab8d9b7e732b1e1532b5ef699889632637c7ea41b75d6027

  • SHA512

    9d9efd77f4a3aa4663bc3568077e76bb11791e20bebd3ef6d83155b3045936d430651b839e6f498bae937b3af8c5a07a64876a9ba043043c8dd3856004c367ba

  • SSDEEP

    3072:dsWe7t0jzKDDeJIdUEBaFwBGDT2ybboZPs1MoUD+N5GPKLi1dgj:2nlnPdpaFwBGDKybb4PUUDW5GPn/

  Score

  10^/10

  xwormevasionexecutionpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Disables Task Manager via registry modification

    evasion

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1