xenorat | 58286c66f3f0a8333f52c72eeddca15a7622ba072aee9b9957e5ba6214ecdf02 | Triage

Sharing

General

Target

DLLRestoration_V2.exe
Size

45KB
Sample

240315-14n9eaea94
MD5

38b365866e8a51056647e64c32bcd64e
SHA1

894e0286e2e21dc448eb916ffa8e2bbfaf068355
SHA256

58286c66f3f0a8333f52c72eeddca15a7622ba072aee9b9957e5ba6214ecdf02
SHA512

92ce606aa6ac5ed3c3569fdbf3496317cab2a3d13cf339dc63b51b0f511f2d7e29855c4d7bcb32c3227d9ffabec5f9a471e89338b2ac448c9756470439c140ca
SSDEEP

768:5dhO/poiiUcjlJInyJH9Xqk5nWEZ5SbTDaeWI7CPW5l:3w+jjgnyH9XqcnW85SbTXWId

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

192.168.86.56

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
FortniteRuntime.exe

Targets

- Target
  
  DLLRestoration_V2.exe
- Size
  
  45KB
- MD5
  
  38b365866e8a51056647e64c32bcd64e
- SHA1
  
  894e0286e2e21dc448eb916ffa8e2bbfaf068355
- SHA256
  
  58286c66f3f0a8333f52c72eeddca15a7622ba072aee9b9957e5ba6214ecdf02
- SHA512
  
  92ce606aa6ac5ed3c3569fdbf3496317cab2a3d13cf339dc63b51b0f511f2d7e29855c4d7bcb32c3227d9ffabec5f9a471e89338b2ac448c9756470439c140ca
- SSDEEP
  
  768:5dhO/poiiUcjlJInyJH9Xqk5nWEZ5SbTDaeWI7CPW5l:3w+jjgnyH9XqcnW85SbTXWId
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan