General

  • Target

    back (2).png

  • Size

    1.0MB

  • Sample

    240413-dl9q3aag53

  • MD5

    9a23ac8c310f99cc6301971a939570cb

  • SHA1

    ae5bf076de813feaa93df4dd5145c2bd6c7e42cc

  • SHA256

    70d5c81fbdd92309a3de3647e22711ecb55550f458aecd94a668e03477c72a7a

  • SHA512

    f7c617d12706014bd5ef6f4fbd6a2db04035c400104f0e066054803d8871e6ee653eaeb7e733fab97f14f033ec0fcf79be8cb2aca3813306cc3f47af89e30581

  • SSDEEP

    24576:tr/vtJ3UiVSlkCvWjsGkYVj7f9KB/EFAPAtBA:x/vP3uWCMVp27AtG

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    nigga

Targets

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15