General

  • Target

    0e079477b2c5072f876fabdd5339ce96ed42a55361fb445d1c9bbe1282bf4850.exe

  • Size

    679KB

  • Sample

    240906-fzzjcsyejc

  • MD5

    98a2d7aee74efe11a83e1514199a1346

  • SHA1

    758365522b6a9eebe7ec5a10f4f260d3ffcd285a

  • SHA256

    0e079477b2c5072f876fabdd5339ce96ed42a55361fb445d1c9bbe1282bf4850

  • SHA512

    3f0c83af88c1f2b067ad56d458719cc1641a6aa672eea68adb0adc6dd25f7306dc9b8e018021828f61d514d74437683671e23e9eb731d865007335ec403722b5

  • SSDEEP

    3072:gti/b34bfUYCZS6jBPbZ8L2SdoYBUBk1pfApjgrD1xJiS+F4Hsi2I/7X88eXrspS:P3ZS6jBPl8LDdSqIw

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:36301

character-acquisitions.gl.at.ply.gg:36301

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    Hoodbyunlock.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
