Extracted

• • Target

    Mt5_Servers.exe

  • Size

    200KB

  • MD5

    5d2230f9507200accc5a6defc551bdf3

  • SHA1

    d502142597ff51da2124c3688ec677a81206f3ea

  • SHA256

    02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6

  • SHA512

    31e9be6b7f98f2723ef8dc3e7863ccb0b9220368f013fa7735c4404d859a139753172758302b1844b9a9d8072ac0d734fa67d9d7bdb67ea41b1a20f98c9edd9e

  • SSDEEP

    3072:Gw+jqOM91UbTYC105VQq44DCFkoQDmH7J3XnXLanJpg3Efv:zWhM91UbYCW5M7JHGnJN

  Score

  10^/10

  xenoratdiscoveryrattrojan

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • Xenorat family

    xenorat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2