General

  • Target

    XWorm V5.6.zip

  • Size

    24.8MB

  • Sample

    250421-ffw9wsvpy6

  • MD5

    79dbcfc4041b31d47e63abd1d08ecc91

  • SHA1

    2b5df69e6999ba107ef54feeaefd288d96e86141

  • SHA256

    f01bae5d62f6320edfba317ce34413659200c30ace28fc9f671425c355e063ce

  • SHA512

    c89a9e1bf582755525b3e70c9c32a9b7a03f4b7c6092af1efccd740a02069dffed666d6dc26c76c98a98cc5c6f528437f32c45733211a37f05490bfff3669cfb

  • SSDEEP

    786432:yy64XDBYQwrmiNkjiKV6LRDPskSvmXSuO5qN:Q4XDBYlrrkjiKgRLskOjE

Malware Config

Extracted

Family

xworm

Version

5.0

C2

217.195.153.81:50000

127.0.0.1:7000

Mutex

5UXpujbt6vWtkdEG

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    svchost.exe

aes.plain
aes.plain

Targets

    • Target

      XwormLoader.exe

    • Size

      8.0MB

    • MD5

      2d19886d92d96cbc75d0045c88ddb83a

    • SHA1

      6ecda95b7b6da8a7c14a0394c1e9a2e76f9e5c5e

    • SHA256

      d48f1ebd2111d5b730787c3d2247c27da0b35d95a2363aa70490e0e3db6e06a0

    • SHA512

      a975de161952f092c97b7f6990da127e0aaf244ce9603508b0c377781cd4e67c84bf091e77b458f48f8354118afb45d292e0280535807ba26f0c6d28d57e7b1d

    • SSDEEP

      196608:eXin21AV7RTxZxNsh9hGb8Wo+Nu1juzy9w6W3ADORlIG:dZ3XxNsjhGbXo+NuFuzy9w9wD42G

    • Detect Xworm Payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
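The extracted config (C2 socket, Install_directory, install_file) and the behaviour signatures listed above translate directly into host and network detection rules. The script below is an added example, not part of this sandbox report or of the XWorm/StormKitty code; it runs a few such rules over constructed Sysmon-style process and network events. The sample events, the rule names, and the assumed on-disk install path C:\ProgramData\svchost.exe (built from %ProgramData% plus the install_file value) are illustrative assumptions. The loopback C2 entry 127.0.0.1:7000 is deliberately left out of the network indicator set because it cannot be matched on the wire, and vbc.exe execution is kept as a low-confidence signal since it is legitimate on developer machines.

```python
"""Detection rules derived from this report's extracted config and behaviour tags.

Added example; all events below are constructed for illustration and are not
taken from the sandbox run.
"""
import re
from dataclasses import dataclass

# Indicators from the extracted config on this page. 127.0.0.1:7000 is loopback
# and is intentionally excluded: it never appears as a remote endpoint.
C2_SOCKETS = {"217.195.153.81:50000"}

# Real svchost.exe only ever runs from these directories; the config drops a
# copy named svchost.exe into %ProgramData% (assumed to expand to C:\ProgramData).
LEGIT_SVCHOST_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

BROWSERS = ("chrome.exe", "msedge.exe", "brave.exe", "opera.exe")
DEFENDER_EXCLUSION_RE = re.compile(
    r"Add-MpPreference\b.*?-Exclusion(Path|Process|Extension)\b", re.IGNORECASE)
REMOTE_DEBUG_RE = re.compile(r"--remote-debugging-(port|pipe)\b", re.IGNORECASE)

# Constructed Sysmon-style events (process creation / network connection).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},                                   # benign
    {"type": "process", "image": r"C:\ProgramData\svchost.exe",
     "cmdline": r"C:\ProgramData\svchost.exe"},                              # dropped copy
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -w hidden Add-MpPreference -ExclusionPath "
                "'C:\\ProgramData' -ExclusionProcess 'svchost.exe'"},
    {"type": "process", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'chrome.exe --remote-debugging-port=9222 --headless '
                r'--user-data-dir="C:\Users\u\AppData\Local\Google\Chrome\User Data"'},
    {"type": "process", "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "cmdline": "vbc.exe /target:winexe /out:C:\\Users\\u\\AppData\\Local\\Temp\\x.exe"},
    {"type": "network", "image": r"C:\ProgramData\svchost.exe",
     "dst": "217.195.153.81", "dport": 50000},                                # C2 hit
    {"type": "network", "image": r"C:\Windows\System32\svchost.exe",
     "dst": "20.190.160.1", "dport": 443},                                    # benign
]


@dataclass
class Finding:
    rule: str
    detail: str


def check_process(ev):
    """Apply host rules to one process-creation event; return a list of Findings."""
    findings = []
    image = ev["image"].lower()
    dirname, _, name = image.rpartition("\\")
    cmd = ev.get("cmdline", "")

    # svchost.exe launched from anywhere but the OS directories is masquerading
    if name == "svchost.exe" and dirname not in LEGIT_SVCHOST_DIRS:
        findings.append(Finding("svchost_masquerade", image))
    # Defender exclusions being added via PowerShell (T1562.001 style evasion)
    if DEFENDER_EXCLUSION_RE.search(cmd):
        findings.append(Finding("defender_exclusion", cmd))
    # Browser started with remote debugging enabled: cookie/credential theft vector
    if name in BROWSERS and REMOTE_DEBUG_RE.search(cmd):
        findings.append(Finding("browser_remote_debugging", cmd))
    # vbc.exe runs are a weak signal on their own; correlate with the rules above
    if name == "vbc.exe":
        findings.append(Finding("vbc_execution", image))
    return findings


def check_network(ev):
    """Flag connections to the C2 socket from the extracted config."""
    sock = f"{ev['dst']}:{ev['dport']}"
    return [Finding("xworm_c2", sock)] if sock in C2_SOCKETS else []


def run(events):
    """Run every rule over a list of events and return all findings in order."""
    out = []
    for ev in events:
        if ev["type"] == "process":
            out.extend(check_process(ev))
        elif ev["type"] == "network":
            out.extend(check_network(ev))
    return out


if __name__ == "__main__":
    for f in run(SAMPLE_EVENTS):
        print(f"{f.rule:26s} {f.detail}")
```

The path rule is the one most specific to this sample: the config names install_file svchost.exe under %ProgramData%, so any svchost.exe whose image path is outside System32 or SysWOW64 is worth an alert regardless of what the C2 address later changes to.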

MITRE ATT&CK Enterprise v16

Tasks