Extracted

• • Target

    ORDER REF_47806798 .exe

  • Size

    1.1MB

  • MD5

    b1409192281b85ae112868f828087864

  • SHA1

    a6e85b73dfbc0494f435fe2e78bdb4977a4a2fe5

  • SHA256

    3721299ab8cab7453d4781c5d3acc4304dffd8335164fbdfc31c80959cb0b35b

  • SHA512

    509ad61d75da81b46ce50ab32f787b6bbf0763a5dfe9e7c2ce0791b7a5006af8529c3b54fb3ec76a3709dbf8b9562b1150fae50a59bf9eb2f56529b98ea56ebf

  • SSDEEP

    12288:1CaR45KgL9fLyT+o2+gmuQIIq65/PKtfCnbMtqL:c2gBfLxHBQIf6pihCIc

  Score

  10^/10

  xwormdiscoveryexecutionrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops startup file

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2