General

  • Target: 37df6c75773a17be3487e82ca20139252d7c5ca15e0cc4fd08a0b93ae87adbd3.exe
  • Size: 52KB
  • Sample: 250122-sqlx5aslhw
  • MD5: 02279d272e81a497330f22cfa866dc54
  • SHA1: 11228964549687fcabdc66a3059cd75fcf18bdcd
  • SHA256: 37df6c75773a17be3487e82ca20139252d7c5ca15e0cc4fd08a0b93ae87adbd3
  • SHA512: 9eff45b22dadec11c640f97d994d6e744aa17f9fb8131eecfdf431a6e2cb18f7b9e1eb29717377430c4c7c48a71ba2ef0afc7c55eea7974b2d46372ccb2c9f67
  • SSDEEP: 1536:cpHDSBc87/UWF70l/Crbi/OZu71Omwkn2OBCyO:cYW8rHF70l/Ybi/HOt+fTO

Malware Config

Extracted

Family: xworm

C2:
  • 127.0.0.1:8848
  • u-football.gl.at.ply.gg:8848

Attributes:
  • Install_directory: %AppData%
  • install_file: XClient.exe

Targets

    • Detect Xworm Payload
    • Xworm: Xworm is a remote access trojan written in C#.
    • Xworm family
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Drops startup file
    • Executes dropped EXE
    • Adds Run key to start application
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15
