Extracted

• • Target

    XClient.exe

  • Size

    62KB

  • MD5

    96fedf6b9bdef61b693c3c895e647ec9

  • SHA1

    d75b1c6021af31f40414e892d9fdc16132df9a82

  • SHA256

    aed72392c30af8bbd8d7d2978992fb0b499333741e799e1e14f285af74e3b9dc

  • SHA512

    3fab7337d135387c5ee923960985b0c58c7c45ce34c97e7a984549e805f6ddc71bde72ba83f9473fd48c8cd380e3e75674a21e2250d7eccfdcae011caea73384

  • SSDEEP

    1536:J4OZWBxEzUFdvJzJfvpX5+bLW+6NG+MOc8m+3R:2OABxucdBzJfvpJ+bL1+MOc8mQR

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2