General

  • Target

    LunarRO_EXEC.exe

  • Size

    96KB

  • Sample

    240509-rtwq3ahc76

  • MD5

    750660c4115082f310530b6edaee6646

  • SHA1

    fcb00e8256e7978e4e4690cd8e44fec66c423f2a

  • SHA256

    12cc22d6b7041f8698d8000327c170aba486bd4aee9ef31f204a379ec7968fa5

  • SHA512

    e5ce9e3b97624474a58cc0f47e414516479f936c45873aadb38bf23a3d0576a2590d9e1b17f248c5423bb661f48b7bb3210f545a982d3fc8575c7001e63c1ddd

  • SSDEEP

    1536:Ww+jjgneye9H9XqcnW85SbTPWI3ehk/oA2MLc4bJnIkX8xOFZU3p2Nn0:Ww+jqeyeF91UbTP8VEc4CksyZU3gNn0

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

LunarRO_EXEC

Attributes
  • delay

    5000

  • install_path

    temp

  • port

    4444

  • startup_name

    Microsoft File Updater

Targets

    • Xenorat

      Xenorat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

  • Execution

    Scheduled Task/Job (T1053): 1

  • Persistence

    Scheduled Task/Job (T1053): 1

  • Privilege Escalation

    Scheduled Task/Job (T1053): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks