Extracted

• • Target

    EzLauncherV2.exe

  • Size

    14.5MB

  • MD5

    78bd6d7f86dd54b70cd0b4fcef31a0c2

  • SHA1

    f1a2f8f9aeb0b2805a35f8507953a92c66e5ff60

  • SHA256

    5dee1f6c0d4cae977831434dad086bf2b5c7e779056d93c155ba00fd612c92c0

  • SHA512

    233bbda1972cb69308131ebea4dbbc68f3cc5780f05a41ebf35240e7fa5f7f70a1fb2118c780c9a44182306b25d4122aa6ecfa52da3fe42d4492cd530aae062b

  • SSDEEP

    196608:FlROav3q3KRZu80eHnGa6d805XW+tW3EL+Er3j7tJHiVbPbNZ5rscmkkBS6sudN7:F9v3qlReHnqPVW6W0L+UpIVnNgcbuB0O

  Score

  10^/10

  xwormdiscoveryrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2