xenorat | 6b35e59ba5327c657edd793620278a00_NEAS | Triage

Sharing

General

Target

6b35e59ba5327c657edd793620278a00_NEAS
Size

39KB
MD5

6b35e59ba5327c657edd793620278a00
SHA1

c4ffc82322f136a5d56b500f66a9fbffecbcc7a0
SHA256

326655c480a480f47f88d6282f116e3144273114f36de1d5bd8bb1c251f21cdc
SHA512

ef949f35a04fe27ec7f1f4021543783c3193b10a50f07877b162e50af4b3934410c4ae135a29a4d296c172d46ccd482e92028d396276cb0c5011a6adc48aa355
SSDEEP

768:q1u2l/LK/8yqdlfIzzQlbS6m/a3bnn2alRPPEs1jj5U:H6oSPYzGS6maz2alFEW5U

Score

10^/10

rat xenorat

Malware Config

Extracted

Family

xenorat

C2

localhost

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Signatures

Detects XenoRAT malware 1 IoCs

XenoRAT is an open-source remote access tool (RAT) developed in C#.

resource	yara_rule
sample	XenoRAT

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b35e59ba5327c657edd793620278a00_NEAS

Files

6b35e59ba5327c657edd793620278a00_NEAS
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Armin\Creds\HK\New\tools\xeno-rat-1.8.7\xeno rat client\obj\Release\managing_app.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ