Extracted

• • Target

    Svchost.exe

  • Size

    45KB

  • MD5

    d7b665428dd5924505511bd5c0f79e28

  • SHA1

    ef1480132b1bae773ef2ddede22e0f1ae7786625

  • SHA256

    c69792d8a8ef30f50d118949aee702a01be0cafb4e9f6c9b544a8bb193ea5994

  • SHA512

    9c0918269b6c8ed93cff186ae13fc0bb288be64381f6465597c619a5a894e76cf5af45c46b7a1aea3c0acd184fc4f74cc2e2dc2b4dc9cedae6643b8ad74f9521

  • SSDEEP

    768:ldhO/poiiUcjlJInShYH9Xqk5nWEZ5SbTDaCuI7CPW5u:7w+jjgnSSH9XqcnW85SbTXuIm

  Score

  10^/10

  xenoratdiscoveryrattrojan

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2