Extracted

Extracted

• • Target

    df.exe

  • Size

    47KB

  • MD5

    ead40c54358549d98d46410ac153ab2d

  • SHA1

    30211c2325574f2fd8ec8ff465db956722c8e32e

  • SHA256

    1780e7a2ff810fcaeb2aa616efec011dc2af042d918f6ab4c2e26aea4bb91b17

  • SHA512

    54d546924662055ec1118d7e12be5cff6f8b856d1fa32864d88d77910b28788a8557144c7a6d83e5acb83490d845a68e8edc2d078a6a535480b756e8d7ed4a18

  • SSDEEP

    768:Dxdajsmwa+PZCVMpUbw8lvTTybtvoLFemiC0ApjkrbTEyG9aLevxhJOfb+1Z:1d6smwa+PZSMpUbw8lbTybtvkFe9o1O

  Score

  10^/10

  xwormdiscoveryrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2behavioral3