Extracted

• • Target

    74584aaf23f595a032038d90aefa403c5d0533da00130b885e42e76ae0cb975b

  • Size

    242KB

  • MD5

    9df5ae6de71325d7cd996258ea3b6645

  • SHA1

    294d82183f1b263c02b893a93b4f5da3adb13908

  • SHA256

    74584aaf23f595a032038d90aefa403c5d0533da00130b885e42e76ae0cb975b

  • SHA512

    27c36babb8a43e3a9fbccfbb56ab580d5e2d4c97bf401189a1c2910afbea9527ab16660dec0489a5c6990b600040cd81df3807e5c3a4e9754bb60fc972a62f69

  • SSDEEP

    6144:JKy7eUxWYV3ZsB1913qgkgtMKe6HypaY+kFNyNI:aU4YVpsBvYgkgGKe6HypaY+kFNy2

  Score

  10^/10

  xenoratrattrojan

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2