xenorat | b6e5b9c22542db428703bda39bff935380a4295c7ac84839449002003d0902c7 | Triage

Sharing

General

Target

tyjhtyjty.exe
Size

45KB
Sample

240430-3v4zlscg55
MD5

15c2c2d9fd551bc161ff0d959f019517
SHA1

af2c403a076be245ad87907650d24ae183823173
SHA256

b6e5b9c22542db428703bda39bff935380a4295c7ac84839449002003d0902c7
SHA512

d47f5c9a8b42a6af52ed609a1fb4edeccda1108d464f34c1c575b8e60a193a295ff5457e30789bbb3f711d73157e7d38035902cf56b7acbe27ef0452a0e52b44
SSDEEP

768:MdhO/poiiUcjlJInn2gH9Xqk5nWEZ5SbTDaJuI7CPW5/:Gw+jjgnnLH9XqcnW85SbTEuIX

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

204.213.57.5

Mutex

VapePatcher

Attributes

delay
5000
install_path
appdata
port
6666
startup_name
Minecraft Launcher

Targets

- Target
  
  tyjhtyjty.exe
- Size
  
  45KB
- MD5
  
  15c2c2d9fd551bc161ff0d959f019517
- SHA1
  
  af2c403a076be245ad87907650d24ae183823173
- SHA256
  
  b6e5b9c22542db428703bda39bff935380a4295c7ac84839449002003d0902c7
- SHA512
  
  d47f5c9a8b42a6af52ed609a1fb4edeccda1108d464f34c1c575b8e60a193a295ff5457e30789bbb3f711d73157e7d38035902cf56b7acbe27ef0452a0e52b44
- SSDEEP
  
  768:MdhO/poiiUcjlJInn2gH9Xqk5nWEZ5SbTDaJuI7CPW5/:Gw+jjgnnLH9XqcnW85SbTEuIX
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan