Extracted

• • Target

    Outstanding_Payment.vbs

  • Size

    10KB

  • MD5

    c16e69631577cf98f535b3bc87449d8d

  • SHA1

    66f071119d42023a1cd24387a19662cdf906ad22

  • SHA256

    e11868449abb65e5cd24b8454cc993336b1fa1462f8c8b31461dcaee3c6cf0e3

  • SHA512

    229c40d72a64bda855b35f959867cddbd8689a0d47adfb4bbe297af48c4c92dcaa90db5c31e06510012ad594d2196d396f6f75d1038d7772ff98c8f75431475f

  • SSDEEP

    192:8tdtjLrdjOmUi27Ang2iNSiHWdhWOqVNaYFPyxDpRCI:SQmM5xN7McOTYF0MI

  Score

  10^/10

  xenoratdiscoverymacromacro_on_actionrattrojan

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Xenorat family

    xenorat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Office macro that triggers on suspicious action

    Office document macro which triggers in special circumstances - often malicious.

    macromacro_on_action

  • Suspicious Office macro

    Office document equipped with macros.

    macro

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2