xenorat | 64a7cb7696b989b9efd4dc55d27734ff145947bdb1f00cc8ccb3aef375482b13 | Triage

Submit
Reports

Overview

overview

Static

static

64a7cb7696...13.exe

windows7-x64

64a7cb7696...13.exe

windows10-2004-x64

Sharing

General

Target

64a7cb7696b989b9efd4dc55d27734ff145947bdb1f00cc8ccb3aef375482b13.exe
Size

243KB
Sample

240508-cfnqzacg5z
MD5

4fb617030dfe4483a1e89d865f8e97a3
SHA1

93f9bebfcdb305040910d6a71e474e30119d1a52
SHA256

64a7cb7696b989b9efd4dc55d27734ff145947bdb1f00cc8ccb3aef375482b13
SHA512

027a24bcff977f164e9b16e3c768520a4d823bd73950a056b166c63ba383b01c3c2a2e1e7d81ab26cd104d5ad8cea9aacb3d7240aea3af31866613e42775b8c7
SSDEEP

6144:u20/Iq8rEI5eVDp3tOKcSuTEBGhegZuWQ8JZI+ludKsZdeTI:uVErEIw/7cSuTX7/JZ1ludKsZdeU

Score

10^/10

xenorat rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

64a7cb7696b989b9efd4dc55d27734ff145947bdb1f00cc8ccb3aef375482b13.exe

Resource

win7-20240220-en

xenorat rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

64a7cb7696b989b9efd4dc55d27734ff145947bdb1f00cc8ccb3aef375482b13.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

dns.requimacofradian.site

Mutex

Xeno_rat_nd8818g

Attributes

delay
60000
install_path
appdata
port
1243
startup_name
uic

Targets

- Target
  
  64a7cb7696b989b9efd4dc55d27734ff145947bdb1f00cc8ccb3aef375482b13.exe
- Size
  
  243KB
- MD5
  
  4fb617030dfe4483a1e89d865f8e97a3
- SHA1
  
  93f9bebfcdb305040910d6a71e474e30119d1a52
- SHA256
  
  64a7cb7696b989b9efd4dc55d27734ff145947bdb1f00cc8ccb3aef375482b13
- SHA512
  
  027a24bcff977f164e9b16e3c768520a4d823bd73950a056b166c63ba383b01c3c2a2e1e7d81ab26cd104d5ad8cea9aacb3d7240aea3af31866613e42775b8c7
- SSDEEP
  
  6144:u20/Iq8rEI5eVDp3tOKcSuTEBGhegZuWQ8JZI+ludKsZdeTI:uVErEIw/7cSuTX7/JZ1ludKsZdeU
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Detects executables packed with ConfuserEx Mod
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

© 2018-2024

Terms | Privacy