Extracted

• • Target

    Xeno.exe

  • Size

    3.0MB

  • MD5

    158b3d88e3cebfa581703ee917bad272

  • SHA1

    759c69673d8326e8e73e72297bf0ac4eb1e0a217

  • SHA256

    919161265bdda133ab4c6693baa0d603c7713ca71636d262c1d3a5805d28d05d

  • SHA512

    023af21a4c339559124df0d5cc280dfa63d7824ea7474c92f95cfa04b482bd879ff359b1511f8bd4e35f2344bae84fadb8ff8f784d792575197f1aba9211f189

  • SSDEEP

    49152:ytlcyXfHnaBTof9ePCjkIAm1skqXfd+/9A9ByClY1v/a/ehH7pNLLn2:yfZXfHaFoCIvqkqXf0FglY1XOe97vLn

  Score

  10^/10

  xwormdiscoveryrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2