Extracted

• • Target

    2025-04-06_95f047ded8adcfe2e511a1fc028203b1_frostygoop_ghostlocker_sliver_snatch

  • Size

    5.6MB

  • MD5

    95f047ded8adcfe2e511a1fc028203b1

  • SHA1

    529f9ad2ad9d52b8f21a61b31e89348f7ff24e2d

  • SHA256

    57292046a9da4973018df26bb6c5090662e751928f0037ee9314f6fda9b99c69

  • SHA512

    812faa588aa8842ab2657ad919fdd08960470789d0a319c803c3236a799997647145bccffbcda6a8d3f1d94604ffd58b5591293586adbb113937611fc6b3fe64

  • SSDEEP

    49152:XKgvYa1iBLUrZlTb5LLQjpBh7Fg2g3KtBI7DSXXiTopYYrIZJqxsJRjyt5eZB:BYa1+I1x53A7FpBI7uXXaPYrXs4eZ

  Score

  10^/10

  xwormdiscoveryrattrojan

  • Detect Xworm Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Suspicious use of SetThreadContext

  behavioral1