Extracted

• • Target

    2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e

  • Size

    10.1MB

  • MD5

    eb3ddeaf46d8dd1c61565006ee0d70a6

  • SHA1

    259b2ff84832eccc4e69e8cc72ac527e4594f34a

  • SHA256

    2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e

  • SHA512

    fc2d9f0fb2e7e06989b86dc430c62e9030cdc5234128d98675a74af1e50564d674cc4cbf1ac6a0a19786cded972c1fb9b15142d07744d788dfa77af5ee0c0118

  • SSDEEP

    196608:MgpaqNwQDmOBBQ04+IrMYd4JIMCSTT0a7u5m9CPyMS/pSYARTsRG6z:taHd04+6MYd73mk6xxnYiG6

  Score

  10^/10

  xwormexecutionrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2