Overview

overview

10

Static

static

10

Loader.exe

windows7-x64

10

Loader.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loader.exe

  • Size

    46KB

  • Sample

    240316-kv26xahe98

  • MD5

    75fdbc2d379d84adacfc0f521d88dd59

  • SHA1

    3a441c75c212a970b1acf547ff67d36e5b3b2767

  • SHA256

    990565da28fb5ee5655a3723add532743334ba88efc998c891344b17549d88aa

  • SHA512

    f6140ded24561c64c4f6722f88209c18cdec8e7b643b3de3777a3ba1390fc440eadfc272dff97a9d7ae040e72797d55ee662ed26df1da2ada4da96c9e071bb64

  • SSDEEP

    768:DdhO/poiiUcjlJInIwH9Xqk5nWEZ5SbTDa7WI7CPW5+:Rw+jjgnhH9XqcnW85SbTyWIG

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

192.168.178.23

Mutex

Windows_Client_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    Discord Update

Targets

    • Target

      Loader.exe

    • Size

      46KB

    • MD5

      75fdbc2d379d84adacfc0f521d88dd59

    • SHA1

      3a441c75c212a970b1acf547ff67d36e5b3b2767

    • SHA256

      990565da28fb5ee5655a3723add532743334ba88efc998c891344b17549d88aa

    • SHA512

      f6140ded24561c64c4f6722f88209c18cdec8e7b643b3de3777a3ba1390fc440eadfc272dff97a9d7ae040e72797d55ee662ed26df1da2ada4da96c9e071bb64

    • SSDEEP

      768:DdhO/poiiUcjlJInIwH9Xqk5nWEZ5SbTDa7WI7CPW5+:Rw+jjgnhH9XqcnW85SbTyWIG

    Score
    10/10
    xenoratrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks