Extracted

• • Target

    ExcellentFree.exe

  • Size

    343KB

  • MD5

    1dada3e7f8778a0ded097e5f07acce8f

  • SHA1

    378904782a01e891084e8bf4a1972c747e74776d

  • SHA256

    1b6d0960335318a18ad8ac01f336918fdd385bb1002a9c001652f028f31f04b7

  • SHA512

    3f4ad9f710e2654a52b2bdf88b63b6c1eadacd424996fb397fe983734fe4e405761c0e79fb4ff0c15240ee52d2b98c5bffc55f9934645a8ee851ff00c2b3771a

  • SSDEEP

    6144:k0mlj5Nx1eN0wPZoZgMM6V2A1swXSCjYh/MjQX4amGVpOrPMDNJLANeUz/A8:+55X0N0wP6njeUjQoxdP8J8NeUzY8

  Score

  10^/10

  xwormdiscoveryrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2