Extracted

• • Target

    gunlock.exe

  • Size

    3.8MB

  • MD5

    2d782e1ae0230a26e52c319e6b103709

  • SHA1

    de5c7ffc4363df7a1f84791a59d42da63e9c7aca

  • SHA256

    89ec4e1db8ccb4e1f79ba9afbfa8ee5a776b0cca7a17832f145025efaa22eb33

  • SHA512

    f34c389cdfcaa472e0979d07f2869e1820d9e1cd242cf339934a10f25d9daf125be793a1a29323509f83fc807067038a336b28075e68f434cc818016d4762064

  • SSDEEP

    98304:pVKwq9PthVFqvxdjjofjUIrzdAHHChuRk:Lq4vPof3nenChuu

  Score

  10^/10

  xwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2