Extracted

Extracted

• • Target

    c99818a50f8c02af5204158301bf8552993c03ade20f2016b5997d440d2297c5.xll

  • Size

    819KB

  • MD5

    568383287c850ef98c2fde1c642870f2

  • SHA1

    f8487d82118c0439545fddde534bdde0250885ee

  • SHA256

    c99818a50f8c02af5204158301bf8552993c03ade20f2016b5997d440d2297c5

  • SHA512

    11e5d1b7eb2113a5d283e01ea715479f84fb401a2f0940639368cf4453f0a478c8af905aae8fdb3b05c9a090f4838cbfb9b5f0ec509d533b8ffc36ad858df3a0

  • SSDEEP

    12288:1G1N4HkcgMsiOd58bzbBSreqQ0uqZzD1reWabd/84QKycycwU636x2Cd5J:1oOOMX16+QHT+dbQKZBxP5

  Score

  10^/10

  xenoratrattrojan

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Detects executables packed with ConfuserEx Mod

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2