Extracted

• • Target

    26973056c194b68b10d1c2b9a632a27e.doc

  • Size

    47KB

  • MD5

    26973056c194b68b10d1c2b9a632a27e

  • SHA1

    0b61132df948c4d48e81b631bdad91be1080f530

  • SHA256

    4a58b228b23cdc286d103115b2fb312eedf6741aeada17b242620b6737db1035

  • SHA512

    72a2120c4e62e91aec8cf5ec14ca42d5088944b4652dd5c69be15640bb3c260a8eb74984659f98d2161671bc4b4da0397542d4e0d24e30518374ff686ed66c2e

  • SSDEEP

    384:5fFAhRp/6j1dhUsQGlWmxDJzkpiSY5UyCUuCJbnsQfzyK9tujq/z60jAx7:5KhHi3KnCWmHzk7o3JzVip

  Score

  10^/10

  xenoratdiscoveryrattrojan

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Xenorat family

    xenorat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2