Overview

overview

10

Static

static

10

2006d6408f...4a.exe

windows7-x64

10

2006d6408f...4a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2006d6408f92f5a66d2b62f5635eeb078fa2b4bfbd615791913cddec834ebb4a.exe

  • Size

    243KB

  • Sample

    240509-blql3sab6t

  • MD5

    d8f6115b7622aae1932adce73e6a22ae

  • SHA1

    f7cf718ab1af7a1c14788a29bddd2a9a2204a0d8

  • SHA256

    2006d6408f92f5a66d2b62f5635eeb078fa2b4bfbd615791913cddec834ebb4a

  • SHA512

    c8bb38387467b5ae0fb19d9fa5aa1086eb099de8d878ec000633daec9d27a149ed8943ec26e375d6c0799b2f32f0d72c12bb9ee78cd447fc6c855a0b75300cd6

  • SSDEEP

    6144:nmqwqSDBvqTGEi35YZcUuZhFwoc+XQ34utDPG3HWC+AgxQkWvI:nmpDBvqTGhiZcUkhCocfDe3HWC+AgxQQ

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

dns.requimacofradian.site

Mutex

Xeno_rat_nd8828g

Attributes
  • delay

    60000

  • install_path

    appdata

  • port

    1253

  • startup_name

    dic

Targets

    • Target

      2006d6408f92f5a66d2b62f5635eeb078fa2b4bfbd615791913cddec834ebb4a.exe

    • Size

      243KB

    • MD5

      d8f6115b7622aae1932adce73e6a22ae

    • SHA1

      f7cf718ab1af7a1c14788a29bddd2a9a2204a0d8

    • SHA256

      2006d6408f92f5a66d2b62f5635eeb078fa2b4bfbd615791913cddec834ebb4a

    • SHA512

      c8bb38387467b5ae0fb19d9fa5aa1086eb099de8d878ec000633daec9d27a149ed8943ec26e375d6c0799b2f32f0d72c12bb9ee78cd447fc6c855a0b75300cd6

    • SSDEEP

      6144:nmqwqSDBvqTGEi35YZcUuZhFwoc+XQ34utDPG3HWC+AgxQkWvI:nmpDBvqTGhiZcUkhCocfDe3HWC+AgxQQ

    Score
    10/10
    xenoratrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Detects executables packed with ConfuserEx Mod

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks