Extracted

• • Target

    RobuxEarningV1.0.exe

  • Size

    6.8MB

  • MD5

    40e4949832835252d7c13f380a7e34e8

  • SHA1

    40413f428911437631362398426b2f2accccaefe

  • SHA256

    96a6c1b696660babb99a2de8c47464de947a11c8982277a86fb3814c6c22ada9

  • SHA512

    7160d5701d809c6b7bee228f162dab0960a6f300e0428bc3176fca508ecbcad8841b0f663164cb6f08f6db7816af93879a6c08ecc2fd0877e2db84764e018523

  • SSDEEP

    98304:4Clb/EOLQw+R0jtL0er+6HMh1igAyKl7MIEGYPkqQMcTVfrrt5pQ:4iAOw0jxNMh1xakPkmcNK

  Score

  10^/10

  executionpyinstallerxwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2