General

  • Target

    BootStrapperV2.exe

  • Size

    86KB

  • Sample

    241103-ggqdeazjgl

  • MD5

    18b7c253c7155c93a21a35a8f9389596

  • SHA1

    5addcc53bf95e2f5fe72d4770b093f6262daeb55

  • SHA256

    6c6218309f99b7daa7627c2f940f7f07e49eac4a868759cddda6a004e0e10a2e

  • SHA512

    529bd396899184ca4b07a5d4fb2bfe1982c2d44fc4c24d3a15cf5f600c41fee49f3ce9f0798f47ce7b1482eacb23a33b9e2734e740a22924f52156b6e29b9608

  • SSDEEP

    1536:hXARphtCCV1k1n8MZ0BNWL0pBfrICZFQECHNctTrzuaLi2vQPvG/UvI5MmmZu1Ac:huB1pi0XWikCZ4ctXzdvQPv0UIud8ArC

Malware Config

Extracted

Family

xworm

C2

where-reverse.gl.at.ply.gg:9999

Attributes

  • Install_directory

    %ProgramData%

  • install_file

    Helper.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15