xenorat | 539444f76364a15c3ccfc831c1d4bc058164fb38f3a2f750f8a3e19d7a739a33 | Triage

Sharing

General

Target

RIZZ.exe
Size

45KB
Sample

240509-3l17csgh44
MD5

b359b4a29a349eefc91228ef7ad6b1fd
SHA1

8e914d19c384f053ee09811e7f5853bdcace4b0b
SHA256

539444f76364a15c3ccfc831c1d4bc058164fb38f3a2f750f8a3e19d7a739a33
SHA512

1be028ebc9cf8f1adc86ff964513a6dfce8edc3a3bad0e297affb53ec06a5acf3425a937acf66ba6a4f513f4531c5287146b5b1797bd44e221125ffe5b96ebf7
SSDEEP

768:BdhO/poiiUcjlJIncTwH9Xqk5nWEZ5SbTDaiWI7CPW5e:/w+jjgnNH9XqcnW85SbTjWIm

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

192.168.56.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
STARTING

Targets

- Target
  
  RIZZ.exe
- Size
  
  45KB
- MD5
  
  b359b4a29a349eefc91228ef7ad6b1fd
- SHA1
  
  8e914d19c384f053ee09811e7f5853bdcace4b0b
- SHA256
  
  539444f76364a15c3ccfc831c1d4bc058164fb38f3a2f750f8a3e19d7a739a33
- SHA512
  
  1be028ebc9cf8f1adc86ff964513a6dfce8edc3a3bad0e297affb53ec06a5acf3425a937acf66ba6a4f513f4531c5287146b5b1797bd44e221125ffe5b96ebf7
- SSDEEP
  
  768:BdhO/poiiUcjlJIncTwH9Xqk5nWEZ5SbTDaiWI7CPW5e:/w+jjgnNH9XqcnW85SbTjWIm
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan