xenorat | 07a1819c88e46a12803c2e9e27fea8fcae79dac03b4b009789f2ffcf48600128 | Triage

Sharing

General

Target

Feomrious.exe
Size

45KB
Sample

240404-n3rxpaed6y
MD5

81a2b1b50d59b05f1422300684e21016
SHA1

b5d3fe5e4c0397fddc23593eee722bc6d822ef72
SHA256

07a1819c88e46a12803c2e9e27fea8fcae79dac03b4b009789f2ffcf48600128
SHA512

69b1b18e5139f65e1aaf59c3cfcdfb2ae88c9ba75da70c885d44fb305d5f85651fc413e7b6d30883726f6e3cbc8fb740d793436bfaa6a7d480b3ab281312c4af
SSDEEP

768:SdhO/poiiUcjlJInQlH9Xqk5nWEZ5SbTDaJWI7CPW5h:0w+jjgngH9XqcnW85SbTAWI5

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

5.tcp.eu.ngrok.io

Mutex

Xeno_rat_nd8912d

Attributes

install_path
nothingset
port
14762
startup_name
nothingset

Targets

- Target
  
  Feomrious.exe
- Size
  
  45KB
- MD5
  
  81a2b1b50d59b05f1422300684e21016
- SHA1
  
  b5d3fe5e4c0397fddc23593eee722bc6d822ef72
- SHA256
  
  07a1819c88e46a12803c2e9e27fea8fcae79dac03b4b009789f2ffcf48600128
- SHA512
  
  69b1b18e5139f65e1aaf59c3cfcdfb2ae88c9ba75da70c885d44fb305d5f85651fc413e7b6d30883726f6e3cbc8fb740d793436bfaa6a7d480b3ab281312c4af
- SSDEEP
  
  768:SdhO/poiiUcjlJInQlH9Xqk5nWEZ5SbTDaJWI7CPW5h:0w+jjgngH9XqcnW85SbTAWI5
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan