General

  • Target

    wefwf.exe

  • Size

    57KB

  • Sample

    241006-xly44svapg

  • MD5

    ee3d8afb08a2a88928c2b3edaefef4b5

  • SHA1

    7224ca79a5675b2d097b112ac05cd295cfabdb59

  • SHA256

    bd0232d8961ab07c52d33c336b2ae22801537def43785e959eb4982149983b9f

  • SHA512

    1e052b8b72e8912a6917049108df7639983d81b39cce266ef3d45fdef213af3eea585db05050635baf4da4c734f49a7cf544faf0923293ed9fc9c55e6e9f60c6

  • SSDEEP

    1536:regNzd4DXSx6euMSgbqMvdFeUEG6jOqaX:SKzd/Q8TbqKhELOq+

Malware Config

Extracted

Family

xworm

C2

147.185.221.16:40164

147.185.221.20:40164

Attributes

  • install_file

    System Volume Information Prefetch.exe

Targets

    • Target

      wefwf.exe

    • Detect Xworm Payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
