Extracted

• • Target

    04fac6a1b51179f981cd3ca1ffe82e0914d0c2b7c3940076c5c9cf6cec31f83e

  • Size

    38KB

  • MD5

    702e759d83be51924e4726381bb4d8d0

  • SHA1

    7f7c6e0c2c8418dd69e731915b28985ad381682d

  • SHA256

    04fac6a1b51179f981cd3ca1ffe82e0914d0c2b7c3940076c5c9cf6cec31f83e

  • SHA512

    f549ee20b8e3ca866fcf32b3a769b3f4907ed0230c9bd9da92bcd4f7f884e1aed68ad7a86ea6aeb66349c965a74ddb9fd96cfb75ac7ac89d811cc3b44db9b5ee

  • SSDEEP

    768:bHZNZhqYjOjtg+3H6BQCAbN6yfwwMOYhRrhz0HY:bHZwfgiiQCAbN6ymOY9h

  Score

  10^/10

  xwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2