Extracted

• • Target

    baaaaaaaaaaa.exe

  • Size

    117KB

  • MD5

    b6fcd3cc05a353ba02bff86f189c81f4

  • SHA1

    3b1c446f2c9ef7bb6a7e7830095e483f7ee5cd02

  • SHA256

    d7e8929a59ac3b7c9cf4117051b6ec067b1325b14840f79ddf8b0be6427ccc63

  • SHA512

    b133a5360f00cfac8e55f93ee8f9a9354cbd70cbd95a80a94242f2ad2752240096faecc74d0add29b18c9d8c53d38d51a2695a61b58ddf0cf8ac3af6b84ecda3

  • SSDEEP

    1536:7zHf/6CIb+fxesWfWywd0luhtUio21cDPYhos7Gf5ACLIgq943uxH8irFv2TLMlS:XHfdfNJ2Wdvcy6

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2behavioral3