Extracted

• • Target

    2fa8baf79308b175ec6b04ca9d70a91c202bfa3b169157ec372f71b2ba002367

  • Size

    32KB

  • MD5

    f573c0949b395692b86f25748c749c89

  • SHA1

    54476d5e6d297492c421b68196e68fb789448d42

  • SHA256

    2fa8baf79308b175ec6b04ca9d70a91c202bfa3b169157ec372f71b2ba002367

  • SHA512

    82a0ae8f63c854bd167c181103f6186ca604f7d2e21a66e90277525c35f239a593cbda8d88323d6f4b67c38f34805fa9eb8d252604e58cc4f4c95cdc3c28a3ed

  • SSDEEP

    384:hhIqUdK0oMtQHXNVc2LABiep2E00f3RaNR+gtFqBLTm9JZw/WyxvDe/uexO/hi/d:j3LMsBABiAn5OZFh9BLO/hi/NUux

  Score

  10^/10

  xwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  behavioral1behavioral2