Overview

overview

10

Static

static

10

ok.exe

windows7-x64

10

ok.exe

windows10-2004-x64

10

Resubmissions

12-04-2024 16:12

240412-tnhy5aca34 10

12-04-2024 06:12

240412-gx6ekagc94 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ok.exe

  • Size

    45KB

  • Sample

    240412-gx6ekagc94

  • MD5

    2d16646ae88e5979ab98de7a372337c8

  • SHA1

    dd91c79b53194fa45c78df96d0bd594a35c1508e

  • SHA256

    c01236d7be0ab4e31278d02559a12b8a0711144f26d37c6919375022964eba95

  • SHA512

    ad61921a8f87ce17c0d4b0a481632ff310e1f150022213094a0844cd06f7942f85685aebc758e4bac368bc2c2f7422618638ab7adbc4e10caf7ed14eba3184ff

  • SSDEEP

    768:NdhO/poiiUcjlJInDwH9Xqk5nWEZ5SbTDa0WI7CPW5c:Dw+jjgn0H9XqcnW85SbTlWIk

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

fe80::48a6:2b8e:4540:36b9%6

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    SysUpd

Targets

    • Target

      ok.exe

    • Size

      45KB

    • MD5

      2d16646ae88e5979ab98de7a372337c8

    • SHA1

      dd91c79b53194fa45c78df96d0bd594a35c1508e

    • SHA256

      c01236d7be0ab4e31278d02559a12b8a0711144f26d37c6919375022964eba95

    • SHA512

      ad61921a8f87ce17c0d4b0a481632ff310e1f150022213094a0844cd06f7942f85685aebc758e4bac368bc2c2f7422618638ab7adbc4e10caf7ed14eba3184ff

    • SSDEEP

      768:NdhO/poiiUcjlJInDwH9Xqk5nWEZ5SbTDa0WI7CPW5c:Dw+jjgn0H9XqcnW85SbTlWIk

    Score
    10/10
    xenoratrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks