Extracted

• • Target

    afa5e2493e33deda3523c8173b76c579e8f032963380dd993ebe6002b59adda7.exe

  • Size

    45KB

  • MD5

    72a63021940e863f0c9d5f1d940f0d7b

  • SHA1

    06b7094e9c1ca39bff561de7cb79e3aa08851065

  • SHA256

    afa5e2493e33deda3523c8173b76c579e8f032963380dd993ebe6002b59adda7

  • SHA512

    83f2f71bf72a5cee588acae4910c0cf364866f4ff564acb6b076358ed3557bdfe33b8c4ffb6fe4b7303fd091d783a6a4bb4aa4f5ee5e90b04be64a937e6f9315

  • SSDEEP

    768:RdhO/poiiUcjlJInY9SH9Xqk5nWEZ5SbTDazuI7CPW55Y:Pw+jjgnYoH9XqcnW85SbT+uIxY

  Score

  10^/10

  xenoratdiscoveryrattrojan

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Xenorat family

    xenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2