Extracted

• • Target

    fortnite .bat

  • Size

    571KB

  • MD5

    73f587e1a81276175d5e6560e6d6b18c

  • SHA1

    843d9c158c1942d8bd8348a36934cf9307aae7cc

  • SHA256

    6c0f00683ba47c5fcaef71626aefb1b0ac6f006888a3611222db1052f8a05ffd

  • SHA512

    ed1371fe6e1b9c4ee6a5797d25559c54c3d5709298f17fbd2b7ae472688f2cb6224d5a87ede31e565fe40731336a46db9bc0363b65859c64035117d5d3404bb6

  • SSDEEP

    12288:RvkWtm4kNF0x6e2K2/SZAh9R5x3UEOM+2SoWDjsnlLOS6+7nkCzTdU8F+pptww9r:Uxo9I32QfMD

  Score

  10^/10

  xwormexecutionrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2