Extracted

• • Target

    28d20d7c697f7f5b07c70d64eb356f2cc6331b0477369d6ba6d5c35cd886f9cd

  • Size

    250KB

  • MD5

    0b15ac611ffb409d42f1718635482256

  • SHA1

    7f039e46b0a1ae613b64c45769405f197dba0ca3

  • SHA256

    28d20d7c697f7f5b07c70d64eb356f2cc6331b0477369d6ba6d5c35cd886f9cd

  • SHA512

    7076f48ba765d5cd4550757e9a6697075ae7bb5419f8a614223a3fdb827f8e6b5b26267f22cea19ce0c9239b7b3b624021dbec0e7d30ee1c433f739dfd1eeab4

  • SSDEEP

    6144:bLcou8zw6r/39IDG+tW6Ltc/gkHYYrguTEzI:/55TeDG+tla/g+YYrguTE0

  Score

  10^/10

  xenoratcredential_accessdiscoveryratspywarestealertrojan

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2