Extracted

• • Target

    8eb8ebe00262f74321167beca9e51f62add06e4460e2f274f857e3d7664cb9a9.exe

  • Size

    242KB

  • MD5

    2bad7cb7d57cae21a1d45344ad5600c5

  • SHA1

    d680e5a796951f3221c7691ec9dacca28149c195

  • SHA256

    8eb8ebe00262f74321167beca9e51f62add06e4460e2f274f857e3d7664cb9a9

  • SHA512

    37afa118242b6a52efb2aab633bdffd67171bf14fdef30c50f53041caf3ff00f1b845b43c09ecf9153339235add15cfb541eb8e8610f0558814cc1f5967a22b3

  • SSDEEP

    6144:E50AnWb4TnuDma4k2QxjKnuA1iIP1p37QFSKz6lbI:E50AW8TuajMATdhQFSKz6a

  Score

  10^/10

  xenoratrattrojan

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Detects executables packed with ConfuserEx Mod

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2