xenorat | 9fbc285f7b604f892f4eb19c55302215cb5ec976a1eb06d9424335894bc08055 | Triage

Sharing

General

Target

9fbc285f7b604f892f4eb19c55302215cb5ec976a1eb06d9424335894bc08055
Size

45KB
Sample

240417-crzmlsbb53
MD5

a96c296b9891507e5119f0620086677b
SHA1

5db23b067df67a6b45c64081f46d7f196ca6045f
SHA256

9fbc285f7b604f892f4eb19c55302215cb5ec976a1eb06d9424335894bc08055
SHA512

9440621c8db67237861638b6ac95f746209093115265ee74a7b62aff9241b03d96527aa5a73ae958c3668d96b183010144f441c34476a0a2cdfb53516b05889e
SSDEEP

768:ndhO/poiiUcjlJInbQuH9Xqk5nWEZ5SbTDaRWI7CPW5D:dw+jjgnZH9XqcnW85SbToWIL

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

AXISWARE

Attributes

delay
5000
install_path
temp
port
1234
startup_name
User

Targets

- Target
  
  9fbc285f7b604f892f4eb19c55302215cb5ec976a1eb06d9424335894bc08055
- Size
  
  45KB
- MD5
  
  a96c296b9891507e5119f0620086677b
- SHA1
  
  5db23b067df67a6b45c64081f46d7f196ca6045f
- SHA256
  
  9fbc285f7b604f892f4eb19c55302215cb5ec976a1eb06d9424335894bc08055
- SHA512
  
  9440621c8db67237861638b6ac95f746209093115265ee74a7b62aff9241b03d96527aa5a73ae958c3668d96b183010144f441c34476a0a2cdfb53516b05889e
- SSDEEP
  
  768:ndhO/poiiUcjlJInbQuH9Xqk5nWEZ5SbTDaRWI7CPW5D:dw+jjgnZH9XqcnW85SbToWIL
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan