Extracted

• • Target

    XClient.exe

  • Size

    73KB

  • MD5

    29489bd7b40f8fe8e9f8b5eef2e7934b

  • SHA1

    808421866619a366107a592dc4936e4a3fde404e

  • SHA256

    ee93b574812d8734c3b5eba01e7521a74010c8817f200781505b1002b789394d

  • SHA512

    dcf6ab092887cb0313a9dd8b3c5222e9d22d18d8efd24151627dc3fad56e0f812576ed9434c21853c2cb730412eb76ffb1c18689368e0ab34ba3e6e80287b1d2

  • SSDEEP

    1536:d3Qg91AbJLf+HOVvZ6T+bY+j/jDHIkMRytbaZORK0NLTBVhb8:agTA5JC+bYeLXAytbyORVLjhb8

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2