xenorat | 3a27cbf28bf377fdaf2ede53ce2c4df68bc2a69de9a97912fc2bb836e643a95f | Triage

Sharing

General

Target

stzb.exe
Size

45KB
Sample

240511-thaqkaef21
MD5

d699990c3a4490c11c156fec8add57d7
SHA1

27227c08812566529e4a36d00655a25343fed2c0
SHA256

3a27cbf28bf377fdaf2ede53ce2c4df68bc2a69de9a97912fc2bb836e643a95f
SHA512

7fdb8064bd9ff20318da59967b1b8068eac047729baabdf19ce99145fd647a546eb57a9e02d22166afc4d839476932dbb8b54305e0026140a1de6ef834620b65
SSDEEP

768:EdhO/poiiUcjlJInNHqH9Xqk5nWEZ5SbTDasWI7CPW5Q:ew+jjgnEH9XqcnW85SbTFWI4

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

ayumi-42243.portmap.host

Mutex

Xeno_rat_nd8912d

Attributes

delay
1000
install_path
appdata
port
42243
startup_name
asdf

Targets

- Target
  
  stzb.exe
- Size
  
  45KB
- MD5
  
  d699990c3a4490c11c156fec8add57d7
- SHA1
  
  27227c08812566529e4a36d00655a25343fed2c0
- SHA256
  
  3a27cbf28bf377fdaf2ede53ce2c4df68bc2a69de9a97912fc2bb836e643a95f
- SHA512
  
  7fdb8064bd9ff20318da59967b1b8068eac047729baabdf19ce99145fd647a546eb57a9e02d22166afc4d839476932dbb8b54305e0026140a1de6ef834620b65
- SSDEEP
  
  768:EdhO/poiiUcjlJInNHqH9Xqk5nWEZ5SbTDasWI7CPW5Q:ew+jjgnEH9XqcnW85SbTFWI4
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan

behavioral3

xenoratrattrojan