Extracted

• • Target

    884b586231504947e47b158b414747323442185162aa32d348f21ce61c9124ce.exe

  • Size

    235KB

  • MD5

    2c2e04484f2c8317df24936703c2b146

  • SHA1

    551562978661e925c8b56489d0fa92635ef6e965

  • SHA256

    884b586231504947e47b158b414747323442185162aa32d348f21ce61c9124ce

  • SHA512

    abbb705268385861143a59d460d5ecf2fb7e8cb803fb419b4248faa3a6e3d8a2029f5e2265c2fdd5a46b4c32b608e3d89b55746bdac4b5d79796e89f20f7766b

  • SSDEEP

    6144:lyTqCfoPYvHf+/MBeXAQZXZNyVOPyG+SpIOgBHqfWh7VwpSFDFzI:lsNfrqMBCDNysaGvIO2qfWh7VwpSFDF0

  Score

  10^/10

  xenoratrattrojanspywarestealer

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2