Extracted

• • Target

    0x0008000000016c7d-14.dat

  • Size

    75KB

  • MD5

    462b4ff944b4c0a49a599bbf9b14ef07

  • SHA1

    ca336da45ccfabe9768a91a1e86a3addd42855ac

  • SHA256

    69c75fcc62bba3cdbfad6e0851fa249eb7ae0fbe1c50b16507dbb0573a2d6ae7

  • SHA512

    64ca6271d23c0875abbecdf84d24d1b95387f54fd7e94396b537a32d0c400efe26af293f7aac519111bf2a7c87cd8b1bc57ee7f7bf12baa5f1fdf2991dd7986c

  • SSDEEP

    1536:c+dEJ4UxcUy3ovRJ2tmU8p+sJzBt4D+bP4uJK4r5SycZt9OWOgs3pqPLr:c+dO/nRUuRlBt0+bPay63OWOgMGr

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2