Extracted

• • Target

    7ea9da3dd3db6f3fadf04ac76b54434b.doc

  • Size

    195KB

  • MD5

    7ea9da3dd3db6f3fadf04ac76b54434b

  • SHA1

    b30b950191046d999e71aaa54fb2648c6655ce9b

  • SHA256

    947bce97211371e730a2b8b79c2ec4d154904e8faa7bed2583c5c6c420230170

  • SHA512

    f94eb382dedb8c3952dbc0f3b9040201455cec641c845bedf5765a2772aa98cb20d92b3e0edadcd92fd7cdb77e7c6f37d26bdd276cceea733237e28f04240f9d

  • SSDEEP

    3072:a877VGZ5Sd3b4e0wNZtsqXNKd5AvDJW4S+I/tZ6X1bpF6mfTm:DGZYwAZHMCDJ8/u5pAmbm

  Score

  10^/10

  xenoratdiscoveryrattrojan

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Xenorat family

    xenorat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2