Extracted

• • Target

    niggerrr.exe

  • Size

    71KB

  • MD5

    2b3441d27d8a96970ea867ab84cef2e7

  • SHA1

    54916a2729755a39d080cb48617fb08217141475

  • SHA256

    f6228a8e5e1e92dd2bfa5b193ff2b0975d5f9e883e73eaa61271e682016dbeac

  • SHA512

    173c22c05093bef0e38d391a727fd075dc42771b09a5e2b16e8f54d380c98e2cc4440810c63e47bdded885107e2e231f13136a84e892cbb70e40f2945a23e2b9

  • SSDEEP

    1536:j7BMt05k2bN0i0q/y2uJaloU0+bgwju0AQzJyk+8yOerQivaaSGW:j7B605tSi3D0+bzByj8yOUTvpW

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2