Extracted

• • Target

    Uytta Client.exe

  • Size

    284KB

  • MD5

    3877eb59a133bcf9745356dc794d48b9

  • SHA1

    632f1d6ae66e5572e857cf41795b02137b1afe2e

  • SHA256

    d44cd1efe9953098482be69488f24bf35c2e3662e2cc843a49b928a972eeb8a8

  • SHA512

    886a3b50a01c57fb277f3fa295070195621c45c74f7d391c2507ccd4d33800ae08717f70704c79557cf880af85f242670c30cc6ee74491f329180feb264548cf

  • SSDEEP

    3072:8siYcW3RruM0pV5nFPi0ffWZgOelgIiuM/5CxgsDnUi/H+VvtCY4InH3H8:8/Yc+B4540ffW/elQ5Ce9O+VvPNM

  Score

  10^/10

  xwormdefense_evasiondiscoveryrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion
  behavioral1behavioral2