xenorat | 80b98aa859cff943bece9831f7de94656292ff5147db30a9e315ee30553425c2 | Triage

Submit
Reports

Overview

overview

Static

static

3

EchoLogger.exe

windows11-21h2-x64

Sharing

General

Target

EchoLogger.exe
Size

5.6MB
Sample

240511-xj7y8sfc26
MD5

0b1f4455971b59cd0943b78ac80d1f95
SHA1

54da81385d5d67bfb925ddd7b5dbf2bae923cce5
SHA256

80b98aa859cff943bece9831f7de94656292ff5147db30a9e315ee30553425c2
SHA512

5805d67ab91d32d203433a299943bfde35a65945ebb7861b770c4a00a9adfd3938c6c347e7a1eb120de9240edd2452a0b8d1af9664ff0d6f50cbb4e5ed042c5f
SSDEEP

98304:Y9r1U+si7I0QgV8uPYo/FrjoYPLCr2P5+yvNAyAkkYgGquVIia2kJb8WG9sE68gB:aSUIsV8uASFrjjW0+aAukqZ24zgRm2u2

Score

10^/10

xenorat zgrat execution rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

EchoLogger.exe

Resource

win11-20240426-en

xenorat zgrat execution rat trojan

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

jctestwindows.airdns.org

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
45010
startup_name
ErrorManager

Targets

- Target
  
  EchoLogger.exe
- Size
  
  5.6MB
- MD5
  
  0b1f4455971b59cd0943b78ac80d1f95
- SHA1
  
  54da81385d5d67bfb925ddd7b5dbf2bae923cce5
- SHA256
  
  80b98aa859cff943bece9831f7de94656292ff5147db30a9e315ee30553425c2
- SHA512
  
  5805d67ab91d32d203433a299943bfde35a65945ebb7861b770c4a00a9adfd3938c6c347e7a1eb120de9240edd2452a0b8d1af9664ff0d6f50cbb4e5ed042c5f
- SSDEEP
  
  98304:Y9r1U+si7I0QgV8uPYo/FrjoYPLCr2P5+yvNAyAkkYgGquVIia2kJb8WG9sE68gB:aSUIsV8uASFrjjW0+aAukqZ24zgRm2u2
Score

10^/10

xenorat zgrat execution rat trojan
- Detect ZGRat V1
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratzgratexecutionrattrojan

© 2018-2024

Terms | Privacy