xenorat | 726846fbb5d59c18d5dac5030922dd48dd2a5c7f2c3f5d588cf390f7b854aa99 | Triage

Submit
Reports

Overview

overview

Static

static

OHIO.exe

windows11-21h2-x64

Sharing

General

Target

OHIO.exe
Size

45KB
Sample

240331-psm2esbd9v
MD5

204bbef87179ce538967d0a2deeaf1f1
SHA1

ded1fd9dbe871303791abfab7868ec7c08e693dc
SHA256

726846fbb5d59c18d5dac5030922dd48dd2a5c7f2c3f5d588cf390f7b854aa99
SHA512

fac8562234b5a62946c77fffb0b2e7f6c9d54d76476a825cafae9b387b72e477b378a0999235b0acefb7bb1aceed62584a8d8883d2a4046be411a829b99fac0d
SSDEEP

768:TdhO/poiiUcjlJInp2gH9Xqk5nWEZ5SbTDaXuI7CPW5I:hw+jjgnpLH9XqcnW85SbT6uIA

Score

10^/10

xenorat rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

OHIO.exe

Resource

win11-20240319-en

xenorat rat trojan

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
temp
port
4444
startup_name
Windows Protection

Targets

- Target
  
  OHIO.exe
- Size
  
  45KB
- MD5
  
  204bbef87179ce538967d0a2deeaf1f1
- SHA1
  
  ded1fd9dbe871303791abfab7868ec7c08e693dc
- SHA256
  
  726846fbb5d59c18d5dac5030922dd48dd2a5c7f2c3f5d588cf390f7b854aa99
- SHA512
  
  fac8562234b5a62946c77fffb0b2e7f6c9d54d76476a825cafae9b387b72e477b378a0999235b0acefb7bb1aceed62584a8d8883d2a4046be411a829b99fac0d
- SSDEEP
  
  768:TdhO/poiiUcjlJInp2gH9Xqk5nWEZ5SbTDaXuI7CPW5I:hw+jjgnpLH9XqcnW85SbT6uIA
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

© 2018-2024

Terms | Privacy