Extracted

• • Target

    19074e7a2c8b41cebef774134e1caac0d9f085c58143d3a2ccdc46e77cadb61d.exe

  • Size

    242KB

  • MD5

    a62267b983a96b83f7c64f20579992c7

  • SHA1

    a32bc7a08572e485e5a396adad9a7da8ecf60ad6

  • SHA256

    19074e7a2c8b41cebef774134e1caac0d9f085c58143d3a2ccdc46e77cadb61d

  • SHA512

    9f0cb484e4082081fa10da7668e367a6b4655a93af1ba415c58800848548665a7b9c0aab61366b21cfa9923f70e7bc3e8c6c969b5fc26d6cd7d2bf15eb81e79e

  • SSDEEP

    6144:R150wrA3nuGPJoVQuWozHl+2ryXezHabUpogdmpnh/bpiiLLTodF6aJV6I:ZA37JoVQuPLNHabEVAjpTLTodF6aJVP

  Score

  10^/10

  xenoratrattrojan

  • Detects XenoRAT malware

    XenoRAT is an open-source remote access tool (RAT) developed in C#.

    rat

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2