Extracted

• • Target

    5e2867075ab2ebe3b5d8b1648edabbf490a04ffc7de8808af20ae7729bc78950N

  • Size

    2.6MB

  • MD5

    ea05c6995e79aae43764232ef54421f0

  • SHA1

    8b6c4ec447bac2dddda3cd217fb694167999f845

  • SHA256

    5e2867075ab2ebe3b5d8b1648edabbf490a04ffc7de8808af20ae7729bc78950

  • SHA512

    e8c93c4d0c019ad8240dafe38e178346f334a9274faec09affc344cbd89d88761ad38531a309ca50068e995b4619f8be65d1acf91ee1565262be33ebce8f9556

  • SSDEEP

    24576:Z5UPamUFkoXq5W3CQutB4a3R+Bolg0n1SIO/WmnlmSjviIGLnr5UekMl2:Z54amUuoXKOsB49l0nwI7mRGLdmMs

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2