Extracted

• • Target

    Crack Launcher.exe

  • Size

    3.7MB

  • MD5

    95e8f2ac083ffa44bd5eb4011a5bc4ef

  • SHA1

    a88990feafe0a9955121608d92eb9156cb6621a0

  • SHA256

    706cac0b64738427fc45831e2d7cb548268adf36e6111e0f9aac71f48e6091eb

  • SHA512

    72bb43b6ee2a4fb9ab42aabd73f8eb064cc40bf575403afab4a161c69f6e9144ef62f40d3f0eca9e26864cf71729b5e4154d3dc93f2e94caa742fd2f629014ee

  • SSDEEP

    98304:8DaQ4jINZ/bE6Jg9iw0QLZ+8WK1mzJxN/NEneQNEf:F5INJ1w0UNWsm7+eQNM

  Score

  10^/10

  xwormdiscoveryexecutionpersistencerattrojanupx

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1