Extracted

• • Target

    2006d6408f92f5a66d2b62f5635eeb078fa2b4bfbd615791913cddec834ebb4a.exe

  • Size

    243KB

  • MD5

    d8f6115b7622aae1932adce73e6a22ae

  • SHA1

    f7cf718ab1af7a1c14788a29bddd2a9a2204a0d8

  • SHA256

    2006d6408f92f5a66d2b62f5635eeb078fa2b4bfbd615791913cddec834ebb4a

  • SHA512

    c8bb38387467b5ae0fb19d9fa5aa1086eb099de8d878ec000633daec9d27a149ed8943ec26e375d6c0799b2f32f0d72c12bb9ee78cd447fc6c855a0b75300cd6

  • SSDEEP

    6144:nmqwqSDBvqTGEi35YZcUuZhFwoc+XQ34utDPG3HWC+AgxQkWvI:nmpDBvqTGhiZcUkhCocfDe3HWC+AgxQQ

  Score

  10^/10

  xenoratrattrojan

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Detects executables packed with ConfuserEx Mod

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2