xenorat | 8de191bee3f6ca50411f20a46b2bd1170d4a7a012bdbed151f2854dd7f1afdc8 | Triage

Sharing

General

Target

stub2.exe
Size

45KB
Sample

240513-sfjd9acc35
MD5

375395b1fb6017ba3c4af4f1317ef7c3
SHA1

109e31925a757348ca517eb69cb129d1b471d16e
SHA256

8de191bee3f6ca50411f20a46b2bd1170d4a7a012bdbed151f2854dd7f1afdc8
SHA512

bbfcf92f9570660e16d1d93f714368822ee5823eb8314ac102568b7f10fcbaa4033aa786a4bc329cbfd64b7e9b8a91f56cb472eff78882eade0306c8b65d3bf0
SSDEEP

768:9dhO/poiiUcjlJInfYH9Xqk5nWEZ5SbTDa1uI7CPW5s:zw+jjgnwH9XqcnW85SbTIuI0

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

himekosworld-37849.portmap.host

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
temp
port
37849
startup_name
nothingset

Targets

- Target
  
  stub2.exe
- Size
  
  45KB
- MD5
  
  375395b1fb6017ba3c4af4f1317ef7c3
- SHA1
  
  109e31925a757348ca517eb69cb129d1b471d16e
- SHA256
  
  8de191bee3f6ca50411f20a46b2bd1170d4a7a012bdbed151f2854dd7f1afdc8
- SHA512
  
  bbfcf92f9570660e16d1d93f714368822ee5823eb8314ac102568b7f10fcbaa4033aa786a4bc329cbfd64b7e9b8a91f56cb472eff78882eade0306c8b65d3bf0
- SSDEEP
  
  768:9dhO/poiiUcjlJInfYH9Xqk5nWEZ5SbTDa1uI7CPW5s:zw+jjgnwH9XqcnW85SbTIuI0
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan

behavioral3

xenoratrattrojan