Extracted

• • Target

    PotatoCheats.exe

  • Size

    69KB

  • MD5

    382258b6d5178139f1972bbf1b06f6f4

  • SHA1

    f42e85ac9f2775005817f6894c44f52331940784

  • SHA256

    f1194a10e317ec32367972838854bbfedb6a8ed8d48785a225a6af635f744242

  • SHA512

    8072b0607b05d82ccfaf8ad84a9fbab46c191026dbae323695d6a521620348c3c872260156a8dae72e8c18086128224e6e1efc2657002f7e70036210bcfa963c

  • SSDEEP

    1536:WuYbI6lmB8Q9fTkaqb2tbRZ6WjbF8hx4BJCgE:rYbI6y8Q9cCtb+oSZgE

  Score

  10^/10

  xwormdiscoveryrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2