Concrete signature match: Trojan (appears legitimate but performs malicious actions) for the .NET (Microsoft Intermediate Language) platform, family XenoRAT.
This threat is a detection for XenoRAT, a Remote Access Trojan (RAT) that grants attackers complete remote control over an infected machine. This enables actions such as data theft, keystroke logging, and remote command execution. The '!MTB' suffix indicates it was identified by machine learning-based behavioral analysis, not a static signature.
No detailed analysis available from definition files.
987b75f137babdfda3115a93dd09d936abaf28926970e9c26d48cb2b46584e11
1e9921f9f8ce15c8f6c82d8efc80a724c3be82dd1c7d00ca41e29da43cd4b0ba
41618059db188f18fd65635c210e55cee726c0a54d51cfbe6d41676f648ea7ce
5eb8fa04e2d7d059f7d82dad9f8b9c44a61a4d46473bf5fe5e353aaca8ac0d7a

1. Isolate the affected device from the network immediately to prevent further C2 communication.
2. Run a full antivirus scan to ensure all malicious components are removed.
3. Investigate the initial access vector and reset passwords for all accounts used on the machine.