Extracted

Extracted

• • Target

    BootstrapperNew.exe

  • Size

    2.9MB

  • MD5

    95dc6da23a19b85742e9e88f6be99c34

  • SHA1

    6472d33772b0827bbefa20702dc2845d91f77535

  • SHA256

    07b6f8733155a98e4fd39d415104acc67677a6ab3ffaab73802ae5ab5bc56d5e

  • SHA512

    a0671247f44a9fc2083456811032c7fbd3c4315deec8004ff1191911f2acf0ec97287f16d5f540c15382d84f2edc461731961071f238a2776b6c20fe076acfec

  • SSDEEP

    49152:U8aLLZKgJlVSsCd0sRw/848jY0f4vYAPGiXKGEwILblKvf+nsXGfIjJqlRJZN+gi:UnLLIgbglw/8E0QvY4E/LbIf+nw41lRN

  Score

  10^/10

  xwormdefense_evasiondiscoveryexecutionrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion
  behavioral1behavioral2