General
-
Target
2024-05-07_7dacc5f705f4773fb1bd5711977b6a4b_ngrbot_snatch
-
Size
5.4MB
-
Sample
240507-jcmstseh2w
-
MD5
7dacc5f705f4773fb1bd5711977b6a4b
-
SHA1
bef4451f4bf5a2c72f3505a282551606c31b94f8
-
SHA256
f727ddfdf7e802969f8f792e8101ce3f39803fc2e7306f4c93f94f37dce00bc5
-
SHA512
700d23c17968779b52529047c7c73b7d21f2baf4e81672054ae8b552f37a02ba8be543f51e85a63badc3b5c0567833963b717359c2bb4a2d49a3c1f12f0753a6
-
SSDEEP
49152:ALkjoWYAUZzhXjF/exacTv4U+SbNmuP30ntABdqju5EsiMllYBNC83OnQlds:AodYAUZz1RYvFNDPEtQ5EsOB+n0s
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-07_7dacc5f705f4773fb1bd5711977b6a4b_ngrbot_snatch.exe
Resource
win7-20240221-en
Malware Config
Extracted
xenorat
69.46.15.141
Xeno_rat_nd8912d
-
delay
5000
-
install_path
nothingset
-
port
4444
-
startup_name
nothingset
Targets
-
-
Target
2024-05-07_7dacc5f705f4773fb1bd5711977b6a4b_ngrbot_snatch
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Modifies Windows Firewall
-
Executes dropped EXE
-