Resubmissions

12/04/2024, 16:12 UTC

240412-tnhy5aca34 10

12/04/2024, 06:12 UTC

240412-gx6ekagc94 10

General

  • Target

    ok.exe

  • Size

    45KB

  • Sample

    240412-gx6ekagc94

  • MD5

    2d16646ae88e5979ab98de7a372337c8

  • SHA1

    dd91c79b53194fa45c78df96d0bd594a35c1508e

  • SHA256

    c01236d7be0ab4e31278d02559a12b8a0711144f26d37c6919375022964eba95

  • SHA512

    ad61921a8f87ce17c0d4b0a481632ff310e1f150022213094a0844cd06f7942f85685aebc758e4bac368bc2c2f7422618638ab7adbc4e10caf7ed14eba3184ff

  • SSDEEP

    768:NdhO/poiiUcjlJInDwH9Xqk5nWEZ5SbTDa0WI7CPW5c:Dw+jjgn0H9XqcnW85SbTlWIk

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

fe80::48a6:2b8e:4540:36b9%6

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    SysUpd

Targets

    • Target

      ok.exe

    • Size

      45KB

    Score
    10/10
    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
