Extracted

• • Target

    ZeroxStealerInstaller.exe

  • Size

    2.9MB

  • MD5

    9b1a7d9403b93f7a390d953c2785a9ed

  • SHA1

    0246222a9290cd73bfda0e402722a82d04507a43

  • SHA256

    97b156f53366d0aac2e46c97b8f7bb3efb1a541e0a923aed24c0f8e7d4c4ee25

  • SHA512

    fdf61c48deee07db3563859a934fd9238c3ed33bd68b180fbf46d121b233359b69d3ec6c370f0ca17bbdb444ec8a784985d54a06704dfe1ea22701124b0fc4b0

  • SSDEEP

    49152:qvo+8aGzQqDRtQH/vpxWIfKgVgVKkbmNoi7r+ogPpkZs/ohvc8q8IzIWvuA8KXAb:qh83dRtMvb/KgVLNNwRkVhBNIzWvKo

  Score

  10^/10

  xwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2