General

  • Target

    KING WEAPON.exe

  • Size

    653KB

  • Sample

    241109-jqc6js1arc

  • MD5

    0c873d832bcfb08d023fca6ebe0e22de

  • SHA1

    0b18147315d176ed302ce2a3af814ad630831302

  • SHA256

    ebae2bd3c854a82d65b0db827fff81940e4a5876c9a536a7612fa3bedb38480a

  • SHA512

    1309e69d1ca57643946528b7747d40b5b2ab3f9c7c29168470afb690983813f8bf981a72f4e5f5ddd81260594ef3c8e37753eea13d75905b7c7e49db049faaf8

  • SSDEEP

    12288:+Vq3hWyjefPaWZE/sNG2c64EvUOMW2UgSgaMDOH8ogiSkXsXBhOdaEoIwEb59pJB:k7yjeHcr9O+O

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

client-toilet.gl.at.ply.gg:29921

Mutex

NvsfH1XO1syyGREn

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks