Extracted

Extracted

• • Target

    VelocitySupportTool.exe

  • Size

    409KB

  • MD5

    89c1e3a7ec9d20a6a19d33733ddfb45d

  • SHA1

    92e295c1a64cb1a7cff25da640d427d494913ea6

  • SHA256

    de4e0c559892f2e6532a81f41f2dc7881abcb21f10cef2f0b8e1c08f028ed274

  • SHA512

    8a0db537fb949c274db4bc0ddf1b8e1075fe9a944c72e0f2790846288844a81870afdd549dfe2850deabf34aebfeca38faddf49128f3a25ce99660421858998d

  • SSDEEP

    6144:WzgYQ6Sr8vQUroyIzypnSiO3duT8dQ5dAGgtxLnCN9eo9kMAfjKFfjqKatZqFYp:Wzg0Qw1mAyQWtxjyeoOpjK8H

  Score

  10^/10

  xwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2