xenorat | 056711aee2b3c17d3d43ac64740d1b487e1d4a1b741a445dd3d6f1939785ede3 | Triage

Sharing

General

Target

Hmm.exe
Size

45KB
Sample

240404-vhl92adg23
MD5

67ac400542ed1106c27e0c0958ea358b
SHA1

3469e557ddd63b7c13a55475d7e9911dce9778ba
SHA256

056711aee2b3c17d3d43ac64740d1b487e1d4a1b741a445dd3d6f1939785ede3
SHA512

988106796b5017e082154b997a35428369aa628831386e99c15fc6b8ee02676b08e319e97964c8b91d7d71434e5e1d775a3c563ce63cf69994191013fbc33de4
SSDEEP

768:SdhO/poiiUcjlJIn+lH9Xqk5nWEZ5SbTDa/WI7CPW5h:0w+jjgn+H9XqcnW85SbTmWI5

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
Updater

Targets

- Target
  
  Hmm.exe
- Size
  
  45KB
- MD5
  
  67ac400542ed1106c27e0c0958ea358b
- SHA1
  
  3469e557ddd63b7c13a55475d7e9911dce9778ba
- SHA256
  
  056711aee2b3c17d3d43ac64740d1b487e1d4a1b741a445dd3d6f1939785ede3
- SHA512
  
  988106796b5017e082154b997a35428369aa628831386e99c15fc6b8ee02676b08e319e97964c8b91d7d71434e5e1d775a3c563ce63cf69994191013fbc33de4
- SSDEEP
  
  768:SdhO/poiiUcjlJIn+lH9Xqk5nWEZ5SbTDa/WI7CPW5h:0w+jjgn+H9XqcnW85SbTmWI5
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan