xenorat | 17c89d581521ec69fa8880008fe351f569c063bdf18ce0561c817ff98398c0a1 | Triage

Sharing

General

Target

17c89d581521ec69fa8880008fe351f569c063bdf18ce0561c817ff98398c0a1
Size

155KB
Sample

240325-v1bw1sgh41
MD5

ba9ca18b95f8985e2ef0b5d8bfe083ea
SHA1

7398827694daa718e6cb6fdd4a32cad6e39be407
SHA256

17c89d581521ec69fa8880008fe351f569c063bdf18ce0561c817ff98398c0a1
SHA512

7c6a93398cb3bcecd0f7d972f8fcd3d53d0043012c84bbd245a68f516567434ed00e9dbca52918b10e83de0202653ffcd6a9df2d6a2c9dfeeae726b768d7cfea
SSDEEP

1536:Fw+jjgn9H9XqcnW85SbTgWIW+ohedcm7DHLwB0Yr7QH7:Fw+jqF91UbTgM+fL7DrXUM

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
nothingset

Targets

- Target
  
  17c89d581521ec69fa8880008fe351f569c063bdf18ce0561c817ff98398c0a1
- Size
  
  155KB
- MD5
  
  ba9ca18b95f8985e2ef0b5d8bfe083ea
- SHA1
  
  7398827694daa718e6cb6fdd4a32cad6e39be407
- SHA256
  
  17c89d581521ec69fa8880008fe351f569c063bdf18ce0561c817ff98398c0a1
- SHA512
  
  7c6a93398cb3bcecd0f7d972f8fcd3d53d0043012c84bbd245a68f516567434ed00e9dbca52918b10e83de0202653ffcd6a9df2d6a2c9dfeeae726b768d7cfea
- SSDEEP
  
  1536:Fw+jjgn9H9XqcnW85SbTgWIW+ohedcm7DHLwB0Yr7QH7:Fw+jqF91UbTgM+fL7DrXUM
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan