Extracted

• • Target

    DeltaCrack.exe

  • Size

    76KB

  • MD5

    331b5c6dda37833f554e5e6c9d44e3f1

  • SHA1

    fffef041a29de6e8074892d5ffdcc9fca9baf297

  • SHA256

    cd9f53b64227c1bd9aac338ca4c2f52f62dfe709b5daa1ec2356ea423f7abcae

  • SHA512

    5b1a5c7890d254c67daabbcc470bd816520f65fdaa11bf1f49756ca236685005cdb0c22454842f3610f80c0e1d566632be0a75bff8c54bb301524332bcfc136c

  • SSDEEP

    1536:LuEnJn49wJcmzpafAuQRmYr+bSeRCNWXnn64TTEOm9i2W4YL:yEd0ucfAvwYr+btCwXFYOT2W7L

  Score

  10^/10

  xwormexecutionpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1