xenorat | 12cc22d6b7041f8698d8000327c170aba486bd4aee9ef31f204a379ec7968fa5 | Triage

Sharing

General

Target

LunarRO_EXEC.exe
Size

96KB
Sample

240509-rtwq3ahc76
MD5

750660c4115082f310530b6edaee6646
SHA1

fcb00e8256e7978e4e4690cd8e44fec66c423f2a
SHA256

12cc22d6b7041f8698d8000327c170aba486bd4aee9ef31f204a379ec7968fa5
SHA512

e5ce9e3b97624474a58cc0f47e414516479f936c45873aadb38bf23a3d0576a2590d9e1b17f248c5423bb661f48b7bb3210f545a982d3fc8575c7001e63c1ddd
SSDEEP

1536:Ww+jjgneye9H9XqcnW85SbTPWI3ehk/oA2MLc4bJnIkX8xOFZU3p2Nn0:Ww+jqeyeF91UbTP8VEc4CksyZU3gNn0

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

LunarRO_EXEC

Attributes

delay
5000
install_path
temp
port
4444
startup_name
Microsoft File Updater

Targets

- Target
  
  LunarRO_EXEC.exe
- Size
  
  96KB
- MD5
  
  750660c4115082f310530b6edaee6646
- SHA1
  
  fcb00e8256e7978e4e4690cd8e44fec66c423f2a
- SHA256
  
  12cc22d6b7041f8698d8000327c170aba486bd4aee9ef31f204a379ec7968fa5
- SHA512
  
  e5ce9e3b97624474a58cc0f47e414516479f936c45873aadb38bf23a3d0576a2590d9e1b17f248c5423bb661f48b7bb3210f545a982d3fc8575c7001e63c1ddd
- SSDEEP
  
  1536:Ww+jjgneye9H9XqcnW85SbTPWI3ehk/oA2MLc4bJnIkX8xOFZU3p2Nn0:Ww+jqeyeF91UbTP8VEc4CksyZU3gNn0
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan