Extracted

Extracted

• • Target

    SecuriteInfo.com.Win32.CrypterX-gen.17534.23664.exe

  • Size

    464KB

  • MD5

    52625f5f6f0a73342fd19a10946563be

  • SHA1

    b048bc9baf7e11f4b65c779e8eada27244c13bb8

  • SHA256

    bd749917837b3e6a48c15277cb0d5b39fd0c89e4f52be26a72e30b11816fc895

  • SHA512

    39c0b784c663e30ff14bcaa5ee40a4dcde9303bab810e2253678f554bc4514836efd49b61175e307a6772142394b94ed1f5455dabbe28a295d61c8255ecbf8c4

  • SSDEEP

    6144:3ivSaPZbhGa/X/gSEmepzPuAPJvmdXKWXlpsSj1ddDYFkFnT9PCqgiRKovv:zaPZbEeX/3etPJsvsmKY9qqpjv

  Score

  10^/10

  latentbotstormkittyxwormdiscoveryexecutionratspywarestealertrojan

  • Detect Xworm Payload

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Stormkitty family

    stormkitty

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2