General

  • Target

    MeeV Spoofer.rar

  • Size

    24.1MB

  • Sample

    250302-q39hvawny8

  • MD5

    7797b922d3e1adb0b167bccc4735d534

  • SHA1

    0591df178752dd4cf3a82628fa445074c5909f13

  • SHA256

    8815d4597cdc668da03392cab1118fda3988a5e0a16bb64711cfc188358887a8

  • SHA512

    c4c3255d9c9dbd6fea7c849c4e598eaa4e839b21636cf3bc5d5cb3d526aad8cdd499a4ab44849e5f8842bb1dccec98d39f7606266ea79ba6173cbc9c7aabf26d

  • SSDEEP

    786432:oGpi5th8XvTF7foyqAoC1uH4kXr6xew/N1:ogi5b8BoyToCsH4k+xR7

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes
  • install_file

    USB.exe

Targets

    • Target

      MeeV Spoofer.rar

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15