Extracted

• • Target

    fefdc209dd00aa6b367c278e8f8fe4f8660336d60d89d4691bc87c79a14006e4.exe

  • Size

    49KB

  • MD5

    bc0114849adf8a6d23e9f2e9f1f9cde2

  • SHA1

    7566c1ff77a92f42c4464dcec68a1908a32fee9d

  • SHA256

    fefdc209dd00aa6b367c278e8f8fe4f8660336d60d89d4691bc87c79a14006e4

  • SHA512

    a5271f943ba8ff980d5777eaef5ebf86ba9d1b62d6b83d4f45e94424ac5b72a24c1969c4deeb683b04ffc6acba70f90b6ffda0260fdb2ba118d9d5dd1c54f61c

  • SSDEEP

    1536:jNxkpGR8oLLWSr/zbMLiZsbe3PyrlOl8810E:jNSpQbFr/zbMuZs/lOl8810E

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2