Extracted

• • Target

    LOLSA.exe

  • Size

    76KB

  • MD5

    621dcab53a15d786df2dfeb98a8adfb1

  • SHA1

    b12ee4ca64b434cc1ab4d69aab3e4775701bfbec

  • SHA256

    01e7b0486debabca8a91c3e3fc9681029abac9c5fdee43dc100bf3a63dd787b3

  • SHA512

    87861a052238be7ef723ca4b3467a4fb761001756a8449137ca71c50098a3ea00583876021693a325c3f72d83d0aa4a2f584367856ff9ba439679ef068ab091d

  • SSDEEP

    1536:OEO2Gh2SX1ntBuH10rogO2Gh2SX1ptBuH10g2r4n:Otvh2SX5tBCXRvh2SXPtBCwy

  Score

  10^/10

  xwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1behavioral2