Extracted

• • Target

    ee14a993b4f9bf8b3f0421f0a44c2057.exe

  • Size

    32KB

  • MD5

    ee14a993b4f9bf8b3f0421f0a44c2057

  • SHA1

    e5c03509023e186e2b5dbe92262e4d8b70c406ff

  • SHA256

    12d59b63b5e8301d2f5a55e47931d91d2e17a1bcefc6941afe45c777222314a9

  • SHA512

    39e1b4f68385b3b1ab7111be06c0a309d09967571dfc809aa8ba5b8c06a6799606a838e47bed750e5870a6cfe163617041eb317fd9224ff98fc956372920def3

  • SSDEEP

    384:y+wOeemMOdqtlbRHvEdEmPLtzVFyXyLgZgJaqbNyHBw0V5AR8gtFqBLTm9zZwXJP:lEugjBzGWg6YvBzVOXFh9WkO/h+/zW

  Score

  10^/10

  xwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2