Extracted

• • Target

    5a0886fc82bedd52f94509ce17092f6ea671e53622edf852cd7ba20901d25354.exe

  • Size

    40KB

  • MD5

    4d5fc0012e9f61d18e5aea4ae43349f2

  • SHA1

    c0cc2d966bbffeaebde61405af31d44e9b36786e

  • SHA256

    5a0886fc82bedd52f94509ce17092f6ea671e53622edf852cd7ba20901d25354

  • SHA512

    2a92c27f153e80577a3adc46d872d75340a29e18782ea6c4134c0a4b81e9b886438c6012697bd55c02ecc37223ce5f089c6a6bfdba9ba25a78daa23953e61564

  • SSDEEP

    768:T2QbHY3voobaXV2pUcX3H7HpUpTBVrbokrMqt23Ri:XKvxaXV2pUYzOlbrboTqt

  Score

  10^/10

  xenoratdiscoveryrattrojan

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2