Extracted

• • Target

    AlisInjectorx64.exe

  • Size

    540KB

  • MD5

    5d577543e14898862de2fc5f4976af91

  • SHA1

    38569f433469a7b9d04acc52158523ce7b3e6cf3

  • SHA256

    61493f2dac1330b7b853c4af5298dbcfbdef56f4cbd44c2266e0d23ba9d44483

  • SHA512

    223a01dc8c67da3889140a6e77a3a4721c35ba4254c165675053627dc5a558b790fdda286a545b92424a5690b6e0e3df8eacca21da67dea44a490170adacc165

  • SSDEEP

    12288:IepEAmsrIPR7Ifas9YFu7QHzs1vnVRLhjg0BX:I2S4taanVHB

  Score

  10^/10

  xwormdefense_evasiondiscoveryrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion
  behavioral1behavioral2