Extracted

Extracted

• • Target

    ORDER DRAWING AND PHOTOS.exe

  • Size

    2.0MB

  • MD5

    395bb950d2979e4c3911d90852c06345

  • SHA1

    2a693150907af200bbf8582a69e663d23249c7d0

  • SHA256

    1adbc19898a40ae7f2c6fd9a6d1c502c7152ba6b04d4584e2c7476606f9b24ff

  • SHA512

    d95b46177b0820f286e99f647ff398788d24502885fc2b63fe19dfb1a58d7ae15cabd2749ab00b709b37a3fb75b9ccf28628ad2f686a507fc1142486a8f32b61

  • SSDEEP

    12288:xkNH+OOlsur4fwML7K6yD210eS+Fl1DkjGKUuU6Sn:mH+D+Hb3K6yD22eTl1oj1UYq

  Score

  10^/10

  latentbotstormkittyxwormdiscoveryratstealertrojan

  • Detect Xworm Payload

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Stormkitty family

    stormkitty

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Suspicious use of SetThreadContext

  behavioral1behavioral2