xenorat | 4b25b70180a66fc9112ea0dc57fe2778d204a3327980717f66bed1290767d19a | Triage

Sharing

General

Target

4b25b70180a66fc9112ea0dc57fe2778d204a3327980717f66bed1290767d19a
Size

241KB
Sample

240506-w7m4asha22
MD5

9cd296f29d513c5d8b8aa64379b877ea
SHA1

cccb6576c574d37673f468a850e6227254a4c9bc
SHA256

4b25b70180a66fc9112ea0dc57fe2778d204a3327980717f66bed1290767d19a
SHA512

3d8c36a2bf84ea5bd749af0a5fcbe4dc44211fb2f2c588d40e720f42bff9bf0b3781c940af6c2fd4a0ede730df51f01065bd07b27e7125f7971fe3e17f5c717e
SSDEEP

6144:Gy9PRDmba+XD7nn/TbCCdVhd/AarhwmcCLQa1GwWBVhQoI:Ca+XD7/TbXdPRAatzcfa1GwWBVhQV

Score

10^/10

xenorat rat spyware stealer trojan

Malware Config

Extracted

Family

xenorat

C2

dns.requimacofradian.site

Mutex

Xeno_rat_nd8818g

Attributes

delay
60000
install_path
appdata
port
1243
startup_name
uic

Targets

- Target
  
  4b25b70180a66fc9112ea0dc57fe2778d204a3327980717f66bed1290767d19a
- Size
  
  241KB
- MD5
  
  9cd296f29d513c5d8b8aa64379b877ea
- SHA1
  
  cccb6576c574d37673f468a850e6227254a4c9bc
- SHA256
  
  4b25b70180a66fc9112ea0dc57fe2778d204a3327980717f66bed1290767d19a
- SHA512
  
  3d8c36a2bf84ea5bd749af0a5fcbe4dc44211fb2f2c588d40e720f42bff9bf0b3781c940af6c2fd4a0ede730df51f01065bd07b27e7125f7971fe3e17f5c717e
- SSDEEP
  
  6144:Gy9PRDmba+XD7nn/TbCCdVhd/AarhwmcCLQa1GwWBVhQoI:Ca+XD7/TbXdPRAatzcfa1GwWBVhQV
Score

10^/10

xenorat rat spyware stealer trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratratspywarestealertrojan

behavioral2

xenoratratspywarestealertrojan