Extracted

• • Target

    Outstanding_Payment.vbs

  • Size

    10KB

  • MD5

    00fbad58c3595ae9d25c2792b2433dd7

  • SHA1

    445399fc307ce882244bff67af107e8892f4696d

  • SHA256

    b06ab5ddc1b853a2b86b2aca6a79dffd8dd0c4c3a2407bc6e568e68f038ee9aa

  • SHA512

    bfcedb8f853469cb9c6ab7a899a64be6a8d2ba5f5b01872da46988c560b2eb5d28679af56642a3c15fc70168891c5095bc1afce52520453a1e369eab32e4fb30

  • SSDEEP

    192:eqxAgaQ0JwH5DG8fpOHjZIJGYZMWYRdlINEf0N0l4Lvy0Nr5:hvZDGQpOHqFJuObL3N1

  Score

  10^/10

  xenoratdiscoverymacromacro_on_actionrattrojan

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Xenorat family

    xenorat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Office macro that triggers on suspicious action

    Office document macro which triggers in special circumstances - often malicious.

    macromacro_on_action

  • Suspicious Office macro

    Office document equipped with macros.

    macro

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2