xenorat | 66621a34a0482c2cd3d90ac3b702c5dd9bbef332927e2f5f2d374a2f80a151f5 | Triage

Sharing

General

Target

corruptedmodz_rat.rar
Size

19KB
Sample

240510-ey543sag4w
MD5

682dd444e32d545fde8aac4ef34cb851
SHA1

71326c2cfa046b736e1f56dd6c9a110e63079c69
SHA256

66621a34a0482c2cd3d90ac3b702c5dd9bbef332927e2f5f2d374a2f80a151f5
SHA512

dea532aaeaae71617730babc6bf865da2cb7162059e1dae6bd4d70dcd7e40d994be5b3c49a018325ed742f35ed63fc316680880fc0606c2a713e981068ea0c79
SSDEEP

384:KEoI1DrzguMDOvweY4Yo0uBI1J6XYwjyozVfeB14FuJJY:K8muMDAY4Yo5IDhwjyQVmfJY

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

thought-rolls.gl.at.ply.gg

Mutex

23y7-bdgd-2cb

Attributes

delay
3000
install_path
appdata
port
45999
startup_name
runtimebroker

Targets

- Target
  
  corruptedmodz_rat.rar
- Size
  
  19KB
- MD5
  
  682dd444e32d545fde8aac4ef34cb851
- SHA1
  
  71326c2cfa046b736e1f56dd6c9a110e63079c69
- SHA256
  
  66621a34a0482c2cd3d90ac3b702c5dd9bbef332927e2f5f2d374a2f80a151f5
- SHA512
  
  dea532aaeaae71617730babc6bf865da2cb7162059e1dae6bd4d70dcd7e40d994be5b3c49a018325ed742f35ed63fc316680880fc0606c2a713e981068ea0c79
- SSDEEP
  
  384:KEoI1DrzguMDOvweY4Yo0uBI1J6XYwjyozVfeB14FuJJY:K8muMDAY4Yo5IDhwjyQVmfJY
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xenoratrattrojan