xenorat | bbafea1be559fc898f4e6d48b1d0514a4f6cc9348c1755e8978ee264824a7d51 | Triage

Sharing

General

Target

NigNig.exe
Size

51KB
Sample

240430-wcvjwsca4s
MD5

ed852fca3d9f3b61313c33ebcb843d88
SHA1

7786d1943a1e00319df05a6199d70dc69ff0a25d
SHA256

bbafea1be559fc898f4e6d48b1d0514a4f6cc9348c1755e8978ee264824a7d51
SHA512

0294771e06f472e29ce8030ca4e7dd9cb45074f9a7b3a55e700c36f7b7f80889d295cccd05fa61a9d4944a2bf8a47a824aa5ccd26602475e3701491c92f51418
SSDEEP

768:bivdjHrddilbVauou79EoasmqEPBZ6HLBSkGu2yPo+LGZYebFDa9k6RNSgNOcf:8pHmVauo35n/ZADj6CSYebFwlf42

Score

10^/10

xenorat rat spyware stealer trojan

Malware Config

Extracted

Family

xenorat

C2

teaching-wireless.gl.at.ply.gg

Mutex

nignig_rat_nd8912d

Attributes

delay
1000
install_path
temp
port
39289
startup_name
discord

Targets

- Target
  
  NigNig.exe
- Size
  
  51KB
- MD5
  
  ed852fca3d9f3b61313c33ebcb843d88
- SHA1
  
  7786d1943a1e00319df05a6199d70dc69ff0a25d
- SHA256
  
  bbafea1be559fc898f4e6d48b1d0514a4f6cc9348c1755e8978ee264824a7d51
- SHA512
  
  0294771e06f472e29ce8030ca4e7dd9cb45074f9a7b3a55e700c36f7b7f80889d295cccd05fa61a9d4944a2bf8a47a824aa5ccd26602475e3701491c92f51418
- SSDEEP
  
  768:bivdjHrddilbVauou79EoasmqEPBZ6HLBSkGu2yPo+LGZYebFDa9k6RNSgNOcf:8pHmVauo35n/ZADj6CSYebFwlf42
Score

10^/10

xenorat rat spyware stealer trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratratspywarestealertrojan

behavioral2

xenoratrattrojan