Overview

overview

10

Static

static

3

Comprobante.exe

windows7-x64

10

Comprobante.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Comprobante.exe

  • Size

    242KB

  • Sample

    240507-gw2d8afd57

  • MD5

    88569a0094dafd1c5d804534cc6afde4

  • SHA1

    ccf747db107b4e3a6aae1fb202b2aed36eba8bf4

  • SHA256

    9c5864e5d700ac53ebd61bd2494d93f9b43e5f74275a7204ff6d04adabcc397d

  • SHA512

    73901b82c35d86cd547dcd7f378d914dcbdfe67b5d8691527e77dfcf9c42fc0b384e6ec527555a98de7e397904923b95ae0d5a48737f6570e6d77bf82baf4352

  • SSDEEP

    6144:yEbA05j2yCleJJ2qnqnCQlTDSxL1wy1r41XaulCQGZMlIvBIEPYr+A29F4I:yEbA05jKmJ2qwkL1N1CnlnlIvBIEPYrU

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

dns.requimacofradian.site

Mutex

Xeno_rat_nd8818g

Attributes
  • delay

    60000

  • install_path

    appdata

  • port

    1243

  • startup_name

    uic

Targets

    • Target

      Comprobante.exe

    • Size

      242KB

    • MD5

      88569a0094dafd1c5d804534cc6afde4

    • SHA1

      ccf747db107b4e3a6aae1fb202b2aed36eba8bf4

    • SHA256

      9c5864e5d700ac53ebd61bd2494d93f9b43e5f74275a7204ff6d04adabcc397d

    • SHA512

      73901b82c35d86cd547dcd7f378d914dcbdfe67b5d8691527e77dfcf9c42fc0b384e6ec527555a98de7e397904923b95ae0d5a48737f6570e6d77bf82baf4352

    • SSDEEP

      6144:yEbA05j2yCleJJ2qnqnCQlTDSxL1wy1r41XaulCQGZMlIvBIEPYr+A29F4I:yEbA05jKmJ2qwkL1N1CnlnlIvBIEPYrU

    Score
    10/10
    xenoratrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks