Extracted

• • Target

    XenoRAT

  • Size

    150KB

  • MD5

    fcc55ef512ccf37a07ec703b59cc7aad

  • SHA1

    9abef70ff67a2a7032ac1da4cd65424e7b2130b7

  • SHA256

    38b26e2364bc081a90145838451341f14bda3cbd15bba54bf0114cab5d2f8667

  • SHA512

    e26567479340c42126937edba18399af1d070b89c95fb8871dcbf3afb524bc89e289d361f4aa038f655e77b28e095ae3e487d8938248ea3d32677168acd17517

  • SSDEEP

    3072:1QeAu96QNvQRARkML2zzFT1xfeRfAqq9a7JcKYfb5q9ZX4o3+mI:v9zvQvMLqFT1JZ9a7NYfbkT93fI

  Score

  10^/10

  xenoratdiscoveryrattrojan

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2