Extracted

• • Target

    RFQ 2347272627727 (2).exe

  • Size

    525KB

  • MD5

    ec9a0a802977a1ad347f5dc2c9afe2a0

  • SHA1

    598acaf9ca68fff4842a7aa6ddff7355bc3be437

  • SHA256

    ccefb2e84c53d0542fb29deee6bcc3f83583aac48f94c9e7e3a97b9473d73f5f

  • SHA512

    30fbb8f8a5f8d346934b311ca80aac0d6c8f528211a84dfb344db599ca75166e065a0265775854f098e21db01d6466bbb2307f2a1627312c047c8f0e172a8b7e

  • SSDEEP

    12288:mTPF847SX3pdFRtoXyLAz68Q6awWLMzqrc2ip:mTd82SXRRIyaQ6aw7zqs

  Score

  10^/10

  xenoratdiscoveryrattrojanspywarestealer

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2