Extracted

• • Target

    fnfnayeemsirmod.exe

  • Size

    40KB

  • MD5

    b882799bf2bfee26b5f7c11dc6788134

  • SHA1

    6e7550054253349e498b5399ba8539036adb2e1f

  • SHA256

    b85d7c34416d1790525a95f190a2ede356e611659c1199c31de24c2e1c10171e

  • SHA512

    5f918b654a663d7eec78fc71d48f3bbf91ffca8538f2a9a0f3f172f35cfa93af98f690edb77a44d2c8f8dcadcbf46e272780ba194cf634490b11a75b3b9f8689

  • SSDEEP

    768:GQbHY3voobaXV2pecXb77HpUpTBVrbokr8qt23R9:LKvxaXV2peIzOlbrborqi

  Score

  10^/10

  xenoratdiscoveryrattrojan

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2