Extracted

• • Target

    svvhooxx.exe

  • Size

    45KB

  • MD5

    8d7c42ea0f92659088415dad200f1584

  • SHA1

    bd52a12b69e91a1f9b01ce3da69e6cf7c86f164d

  • SHA256

    31ea0b97393741bcea9df8e044162bc159209f61d71792452119791badf14322

  • SHA512

    8b2e0538805370a131b88e8f80ac84b3d79c79647b1814cce3b4bd74b33e85f7e034441e56a87149a4f50173a71f9966d74915cea5af946bb88d3241cc2aa28e

  • SSDEEP

    768:idhO/poiiUcjlJInZlH9Xqk5nWEZ5SbTDaRWI7CPW5b:Ew+jjgnPH9XqcnW85SbToWIT

  Score

  10^/10

  xenoratdiscoveryrattrojan

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2