Extracted

• • Target

    Nitro.exe

  • Size

    45KB

  • MD5

    048a4609bb110ca3e09bbfef1cc40c96

  • SHA1

    7d01285acc3f07037ab0254da3ec68bf4ceddb34

  • SHA256

    57f7eb514c99759aad8e22283c23dc974bb40d0b3bae8fe05fcbf5bd681382e1

  • SHA512

    fe2a26dd117df6eda626adb17d316010052098655fe794a37a5861290a4201b3bdc7eff184bcb93152a2e808bce82733dace9de143020c4748161e5ac28a4b1b

  • SSDEEP

    768:xdhO/poiiUcjlJInG1H9Xqk5nWEZ5SbTDaSuI7CPW5K:vw+jjgneH9XqcnW85SbTHuIi

  Score

  10^/10

  xenoratdiscoveryrattrojan

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2